Small business owners said they do not need to spend money to secure their systems because they believe the majority of cybercrime is aimed at large companies, according to a new survey.
Eighty-five percent of the 1,000 small business owners surveyed said their companies are not the main targets of cybercriminals, according to the study sponsored by Visa Inc. and the National Cyber Security Alliance (NCSA). And 54 percent of small business owners said they believe they are more prepared to secure sensitive customer and corporate data than large businesses.
Almost 50 percent of all small business owners did not believe that the online threats to their companies justified the time and money needed to fully secure their systems, according to the survey. In addition, 84 percent agreed that they already have the policies and procedures in place to keep their data and computer systems secure.
However, 75 percent of owners surveyed said their employees have received less than three hours of network and mobile device security training in the past year, and 47 percent said their employees received absolutely no training.
“The greatest threat to a company’s cybersecurity is complacency,” said Michael Kaiser, executive director of the NCSA, in a statement. “We encourage small business owners to take the necessary precautions to protect their customers, employees and their businesses.”
The findings are surprising in light of growing concern from security experts and law enforcement that hackers and cybercriminals are now focusing on small businesses, according to officials at Visa and NCSA.
Officials pointed to a recent example of cybercriminals targeting small and medium-size businesses. In October, Ukraine authorities arrested five people who allegedly stole $70 million from U.S. bank accounts in an elaborate scheme targeted at U.S. small and medium-size businesses.
“Cybersecurity investments are critical to protecting a company’s brand and reputation,” said Rosetta Jones, head of public affairs for Visa, in the statement. “We are focused on partnering with small businesses to ensure that they fully understand the business benefits of running a cyber secure operation.”
According to Jones, small business owners should ensure that their payment system software is secure. She said the Payment Card Industry Security Standards Council (PCI SSC) maintains a list of payment applications that have been validated as complying with the Payment Application Data Security Standards (PA-DSS). She said these software applications use secure coding procedures to guard against common attacks and to prevent cybercriminals from installing malware on a company’s computer system.
Small businesses can find basic help online at www.VisaSecuritySense.com as well as more detailed guidance at Visa’s cardholder data security site, www.Visa.com/CISP, or at the PCI SSC's small business site, www.pcisecuritystandards.org/smb.