Despite a rash of high-profile cybercrimes in recent months, many small business leaders remain unsure how to protect themselves.
While nearly half of small businesses with between six and 49 employees understand the protection needed to ward off a physical theft, less than one-third understand how to combat today’s cybercriminal, according to a study by security provider Norton by Symantec.
In the last month, over 200,000 systems, including NHS, Telefónica, FedEx, Deutsche Bahn, and LATAM Airlines all suffered high-profile data breaches following the WannaCry ransomware attacks, which cost the companies millions of dollars in lost revenue. Even knowing how much damage can be done, just 29 percent of the small businesses surveyed know the steps needed to improve their company’s security to protect it from data breaches, and only 28 percent have a plan in place to respond to any data breaches. Overall, small business leaders spend just two days a year on contingency planning for a data security breach and only 14 minutes each day thinking about their company’s data security.
The area small businesses appear to be most vulnerable to cybercriminals is via mobile devices. While nearly all small businesses have cybersecurity systems installed on their company’s desktop and laptop computers, only 60 percent have the same protection on their tablets and smartphones.
In total, the small businesses surveyed spend an average of $749 a year on security software products, which is just one-third of what they spend on entertaining customers each year.
If this year is any indication of things to come, Internet security should be a top priority for small businesses. In 2014, problems resulting from Internet security issues or incidents cost the average small business $1,600 and two days of lost work time. Despite those numbers, just 28 percent of small business leaders want to improve how their company manages Internet security.
To help small businesses do a better job of protecting themselves, Symantec offers several tips:
- Be proactive: Since security updates for computer operating systems and software often arrive too late to be effective, don’t wait for them to be sent to you. Instead, have protection systems in place that are proactive and thorough.
- Automatic updates: To reduce the risk of malware spreading through your network, set up automatic security updates for your essential software.
- Go wireless: Use wireless encryption to establish a secure protection against cybercriminals.
- Change passwords: Small businesses should mandate that employees regularly change their passwords. The research discovered that 44 percent of small businesses have no such requirements for their workers.
The study was based on surveys of 400 small business leaders, which included owners, partners, presidents, CEOs, directors and managing directors. The businesses, which ranged in size from six to 49 employees, encompassed a variety of industries, including retail, construction, manufacturing, wholesale distribution, financial services, consulting, real estate, travel and leisure, education, engineering, health care, information technology, insurance, nonprofit, telecommunication, entertainment and legal.