SMEs Lack Cybersecurity Awareness and Policies
Small and Medium Enterprises (SME) are slowly but surely embracing technology, they are incorporating it to their business operation. They want to become more efficient, more effective and more organized. SMEs operate in a simple and straightforward fashion, they may use technology but you will seldom find a SME with its own I.T. department.
The I.T. department of most SMEs is the computer or laptop itself. For this reason, while technology is helping them in doing their businesses, some aspects of technology are being compromised – like security.
According to the 2009 National Small Business Cybersecurity Study shows small business owners’ cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.
The survey confirmed that small businesses today are handling valuable information – 65% store customer data, 43% store financial records, 33% store credit card information, and 20% have intellectual property and other sensitive corporate content online. 65% of the business survey claimed that the Internet was critical to their businesses success yet they are doing very little to ensure that their employees and systems are not victims of a data breach.
The study shows:
– 86 percent do not have a staff dedicated to IT security
– 53 percent check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are updated; 11 percent said they never check at all
– 25 percent of the businesses do not ensure password protection for their wireless networks
– 66 percent of employees take computers or PDAs containing sensitive information off-site
– 72 percent do not have formal Internet security policies
Meanwhile, small businesses seem out of sync with some Internet security risks. 75% small businesses said that they use the Internet to communicate with customers yet only 6% fear the loss of customer data and only 42% believe that their customers are concerned about the IT security of their business. What’s more, 56% of small businesses believe cybersecurity is the cost of doing business while 21% believe it is just “a nice thing to have.”
Laptops, PDAs and wireless networks are great conveniences to businesses, yet they carry with them an added responsibility to ensure the data is secure. Today, more than 66% of employees take computers or PDAs containing sensitive information off-site. Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords. Unsecured wireless networks are akin to leaving the front door of a filing cabinet wide open on the sidewalk. 62 percent of the companies surveyed have a wireless network but 25 percent of them do not password protect their wireless networks. This is a significant security risk as hackers can steal information being passed through these open networks.
Remember that security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information. It is the responsibility of technology solutions providers or even hardware providers to inform SMEs about the possible threats – do not be just their technology providers, be their partners and you will have more business that you can imagine.