The vast majority of small business owners truly think they’re safe from cyber security threats, even as many fail to take fundamental precautions to keep their companies safe. That’s what a new survey released today by Symantec and the National Cyber Security Alliance as part of National Cyber Security Awareness Month shows. In fact, 85 percent of respondents believe their company is safe from hackers, viruses, malware or a cyber security breach.
But, when you look closer, most small businesses lack sufficient cyber security policies and training. The proof is in the pudding on that front:
· 75 percent do not have a formal written Internet security policy for employees
· Of those, 49 percent do not even have an informal policy
· 45 percent of small businesses do not provide Internet safety training to their employees (only 37 percent said they do)
· 56 percent do not have Internet usage policies that clarify what websites and Web services employees can use
· Only 52 percent have a plan in place for keeping their business cyber secure
The findings uncover a strong disconnect between perceptions and reality for small business owners when it comes to their cyber security posture. How can small business owners feel their networks are so safe yet they lack policies for protecting them?
The survey also found that small business owners are more concerned with an internal threat to their company, such as an employee, ex-employee or contractor/consultant stealing data (53 percent), than an external threat such as a hacker or cybercriminal stealing data (10 percent). It’s perplexing that small businesses feel safe from external threats, particularly when you consider that small businesses are an increasingly appealing target for cyber attacks.
Symantec detected more than 286 million new threats last year and an average of 3,473 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware. Just last month, the Symantec Intelligence Report research showed that 1 in 208.2 emails sent to small businesses contained email-borne viruses. If that’s not bad enough, small businesses sense of security seems even more unwarranted given that 40 percent of all targeted cyber attacks are aimed at companies with less than 500 employees.
Small businesses need a reality check before it is too late—when they’re under attack. What small businesses can and should do now is prepare, plan and educate their employees. Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine. Small businesses also need to take a proactive approach and implement the technologies and services that will help protect them against the unexpected. Consider these tips on preventing malware attacks to get you started.