Small business owners have a false sense of security when it comes to protecting their business from cyberthreats, new research shows.
According to a survey of U.S. small businesses by Symantec and the National Cyber Security Alliance (NCSA), the vast majority of small business owners believe their company is safe from hackers, viruses, malware and cybersecurity breaches.
But a closer look at the study also reveals that most small businesses lack sufficient cybersecurity policies and training. Nearly 80 percent of those surveyed said they lack a formal written Internet security policy for employees; among them, half said they don't even have an informal policy.
Additionally, 45 percent of small business owners said they don't provide Internet safety training to their employees, and the majority don't have Internet usage policies that clarify what websites and Web services employees can use.
Overall, only 52 percent of those surveyed had a plan in place for keeping their business secure from cyberthreats.
The study also found that a large number of small businesses don't know how to respond to online threats, and don't adequately understand the danger they pose.
Forty percent of respondents said their business lacks a contingency plan for responding to or reporting a data breach or loss of customer or employee information, credit card information or intellectual property.
Small businesses operating under the belief that hackers don't go after the little guys may want to think again.
Previous Symantec research found that 40 percent of all targeted cyberattacks are directed at companies with fewer than 500 employees.
"Unfortunately, cybercriminals are increasingly making small businesses their targets, knowing they are likely to have fewer safeguards in place to protect themselves," Cheri McGuire, vice president of global government affairs and cybersecurity policy at Symantec, said in a prepared statement.
A majority of the surveyed businesses indicated they handle customer data, financial records, credit card information and the intellectual property of both their own and others , but fewer than 10 percent are concerned about losing that data, even though cybersecurity experts believe such a loss would prove devastating.
The average annual cost of cyberattacks to small and medium-sized businesses was $188,242 in 2010, according to previous Symantec research. Statistics also suggest roughly 60 percent of small businesses will close within six months of a cyberattack.
"The threats grow in number and complexity each day, but too many small business owners remain naively complacent," Michael Kaiser, NCSA executive director, said in a prepared release. "The stakes are high for individual businesses and the nation as a whole: a single malware attack or data breach can be fatal to a small enterprise, but the collective vulnerability of all our businesses is a major economic security challenge."
The research also found that many small businesses are failing to keep up with the increasing adoption of mobile and social media platforms. Just 37 percent of U.S. small businesses surveyed have an employee policy or guidelines in place for remote use of company information on mobile devices, and just over one in three maintains a policy for employees' use of social media.
The study also found that even though experts recommend strong protection of passwords and wireless networks, a majority of firms do not use multifactor authentication requiring more than a password and login to access any of their networks.
The study was based on research of more than 1,000 U.S. small business owners.