
Study Finds U.S. Small Businesses Lack Cybersecurity Awareness and Policies

Tue Oct 27, 2009 9:02am EDT
National Cyber Security Awareness Month Survey of Small Businesses Shows
Discrepancies Between Needs and Actions When it Comes to Security Policies 

WASHINGTON, Oct. 27 /PRNewswire-USNewswire/ -- Small business owners'
cybersecurity policies and actions are not adequate to ensure the
safety of their employees, intellectual property and customer data, according
to the 2009 National Small Business Cybersecurity Study.  The study,
co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec
[Nasdaq: SYMC], as part of this year's National Cyber Security Awareness
Month, surveyed nearly 1,500 small business owners across the United States
about their cybersecurity awareness policies and practices. 

The survey confirmed that small businesses today are handling valuable
information - 65 percent store customer data, 43 percent store financial
records, 33 percent store credit card information, and 20 percent have
intellectual property and other sensitive corporate content online.  65
percent of the businesses surveyed claimed that the Internet was critical to
their business's success, yet they are doing very little to ensure that their
employees and systems are not victims of a data breach.

The survey shows discrepancies between needs and actions regarding security
policies and employee education on security best practices.  Only 28 percent
of U.S. small businesses have formal Internet security policies and just 35
percent provide ANY training to employees about Internet safety and security. 
At the same time, 86 percent of these firms do not have anyone solely focused
on information technology (IT) security.  For those small businesses that do
provide cybersecurity training, 63 percent provide less than 5 hours per year.

The lack of focus on cybersecurity awareness and education on the part of U.S.
small businesses can lead to the loss of vital customer and company data. The
study found that while more than 9 in 10 small businesses said they believe
they are safe from malware and viruses based on the security practices they
have in place, only 53 percent of firms check their computers on a weekly
basis to ensure that anti-virus, anti-spyware, firewalls and operating systems
are up-to-date and 11 percent never check them.  

"The 20 million small businesses in the U.S. are a critical part of the
nation's economy.  While small business owners may understandably be focused
on growing their business and the bottom line, it is imperative to understand
that a cybersecurity incident can be disruptive and expensive," said NCSA
Executive Director Michael Kaiser.  "To the millions of very savvy
entrepreneurs across our nation, our message is simple - being smart about the
online safety of your employees, business and customers is a critical part of
doing business. Cybersecurity is not a nice thing to have for American
businesses, it is critical to their survival."

Meanwhile, small businesses seem out of sync with some Internet security
risks.  75 percent of small businesses said that they use the Internet to
communicate with customers yet only 6 percent fear the loss of customer data
and only 42 percent believe that their customers are concerned about the IT
security of their business. What's more, 56 percent of small businesses
believe cybersecurity is the cost of doing business while 21 percent believe
it is just "a nice thing to have."

Laptops, PDAs and wireless networks are great conveniences to businesses, yet
they carry with them an added responsibility to ensure the data is secure. 
Today, more than 66 percent of employees take computers or PDAs containing
sensitive information off-site.  Wireless networks are gateways for hackers
and cyber criminals and must be secured by complex passwords.  Unsecured
wireless networks are akin to leaving the front door of a filing cabinet wide
open on the sidewalk.  62 percent of the companies surveyed have a wireless
network but 25 percent of them do not password protect their wireless
networks.  This is a significant security risk as hackers can steal
information being passed through these open networks.

"Security threats are becoming more complex and employees of small businesses
are increasingly the target of attacks that expose their organizations to
data loss," said Sheri Atwood, vice president, global solutions and programs,
Symantec. "Security awareness and education, combined with a comprehensive
security solution, can empower small businesses and their employees to protect
themselves and their information."  

For more information on how you can keep yourself and your business safe
online, visit www.staysafeonline.org.  For additional results from the Zogby
study, visit: http://staysafeonline.mediaroom.com/index.php?s=67

The demographic breakdown of the small businesses polled focused on number of
employees and revenue.  56 percent of those polled were companies with
one-to-nine employees, 10 percent had 10-25 employees, five percent had 26-50
employees and five percent had more than 51 employees.  In terms of revenue,
56 percent had annual revenue of $249,000 or less, 11 percent had revenue of
$250,000-$499,000, eight percent had revenue of $500,000 to $1 million, 11
percent had revenue between $1 million and $5 million and five percent had
revenues exceeding $5 million. The Zogby International poll has a margin of
error of +/- 2.6 percentage points.

About The National Cyber Security Alliance 
The National Cyber Security Alliance is a nonprofit organization. Through
collaboration with the government, corporate, non-profit and academic sectors,
the mission of the NCSA is to empower a digital citizenry to use the Internet
securely and safely, protecting themselves, the networks they use, and the
cyber infrastructure. NCSA works to create a culture of cyber security and
safety through education and awareness activities.  Visit
www.staysafeonline.org for more information.  Friend us on Facebook and
follow @staysafeonline on Twitter.

About Symantec
Symantec is a global leader in providing security, storage and systems
management solutions to help businesses and consumers secure and manage their
information. Headquartered in Cupertino, Calif., Symantec has operations in
more than 40 countries. More information is available at www.symantec.com.

Symantec helps organizations secure and manage their information-driven world
with security management, endpoint security, messaging security and
application security solutions.

About National Cyber Security Awareness Month 
National Cyber Security Awareness Month is supported by the Department of Homeland
Security National Cyber Security Division (NCSD), the National Cyber Security
Alliance, the Multi-State Information Sharing and Analysis Center (MS-ISAC)
and other partners to educate the American public, businesses, schools and
government agencies about ways to secure their part of cyber space, computers
and our nation's critical infrastructure.

Cyber Security is Our Shared Responsibility.

SOURCE  National Cyber Security Alliance

Aimee Larsen-Kirkpatrick of the National Cyber Security Alliance,
+1-202-550-5351, aimee@staysafeonline.org or Gina Sheibley of Symantec Corp,
+1-917-297-898, gina_sheibley@symantec.com or Joshua Zecher, +1-202-463-0013
ext. 206, josh.zecher@463.com for the National Cyber Security Alliance


