The results of a new survey indicate that while many SMBs believe they’re safe from cyber threats, they aren’t doing much to ensure that’s the case.
Last month, the National Cyber Security Alliance (NCSA) and Symantec surveyed 1,015 SMBs (fewer than 250 employees).
What they found was that many SMBs could use some help turning their thoughts on cybersecurity into actions.
For example, 77% believe their company is safe from cyber threats such as hackers, viruses, malware or a cybersecurity breach, yet 83% have no formal cybersecurity plan.
By formal cybersecurity plan, NCSA and Symantec mean strategies for protecting data and computing resources, including written policies and procedures.
Along those lines:
- 87% don’t have a formal written Internet security policy
- 75% don’t have a social media policy
- 68% don’t have an Internet network usage policy spelling out employees’ responsibilities to protect company information, and
- Only about 30% of the respondents provide some sort of training for employees on how to keep their computers secure and use the Internet safely
And, as far as security measures are concerned:
- Only 44% said their company’s computers are checked weekly to make sure all software is up to date (the rest check less often and, in some cases, never check at all)
- Only 14% said they require multifactor authentication, and
- Only 14% have an automated system that forces employees to change their passwords periodically
Dedicated IT person is essential
IT managers on the front lines are well aware that cybersecurity threats are real. So why do the results of this survey indicate SMBs don’t take cyber threats seriously?
Perhaps it’s because 90% of the respondents said they don’t have an internal IT manager on staff whose sole job it is to take care of technology-related issues.
Not having a dedicated IT person on staff puts SMBs at a serious disadvantage when it comes to fending off cyber attacks. Hackers know full well that many SMBs lack the finances, manpower and expertise needed to mount a proper defense. In fact, the number of targeted attacks against small businesses doubled in the first half of 2012 compared with the same period last year, according to Symantec.
Even if your organization doesn’t need a full-time IT security staffer, consider giving one person the job of protecting the company’s data. And, if you outsource data protection, someone in-house should still be held accountable for overseeing security.