- In a poll of 500 business owners, 81% said their employees understood the importance of data security.
- The survey also reported that 60% train their employees on data security practices.
- Still, 27% of business owners said they weren't leveraging any type of data security software to protect their devices.
As we near the end of National Cybersecurity Awareness Month, it's important that small business owners understand the need for data security. A single data breach can spell disaster for your company, which in many cases, could have been avoided. While the need for a cybersecurity plan should be common knowledge in 2019, the latest survey from Paychex suggests that may not be the case for some American business owners.
In a survey released late last week, Paychex's researchers polled 500 business owners of companies with 500 or fewer employees about their thoughts on how cybersecurity affects their organizations. What researchers found was that while most business owners said they understood the importance of cybersecurity, 27% reported not using any type of software-based preventative measure to thwart potential data breaches.
Taking preventative measures
While slightly more than 1 in 4 respondents said they didn't currently have any type of data security software in place when they were polled, researchers found most respondents did. While approximately 73% of polled business owners said they already had security software online, they differed on the types of measures they implemented.
According to the survey, 48% of respondents said they used on-premises software. This type of solution gives companies more control over how they secure their data, and it is generally handled by in-house IT staff. On-premises solutions are also more like traditional software programs, which means they require a license to use the application, and they are installed locally.
On the other side of the coin, 11% of business owners reported using cloud-based software for their cybersecurity needs. While on-premises programs offer more control and security options, companies that utilize cloud-based options have 24-hour remote access to the system, and are generally looking to secure their data while saving money on server bandwidth and IT costs, paying for IT services on an as-needed basis.
The remaining 14% told researchers they were using both on-premises and cloud-based solutions for an even more secure strategy. [Visit our sister site, business.com, to see our internet security and antivirus software recommendations.]
Bradley Schaufenbuel, chief information security officer at Paychex, said companies must remain vigilant if they want to truly secure their data. "While it's reassuring to see the majority of business owners are taking the appropriate steps – from employee training to software investments – to defend against the threat of a cyberattack or data breach, it's not a once-and-done commitment," he said.
Confidence in cybersecurity
In addition to learning how businesses kept their data secure, researchers asked respondents questions about their existing cybersecurity policies.
According to the study, 72% of respondents said they regularly reviewed their cybersecurity plans, and 70% said they felt their company had a "clear data security policy." As for how their employees viewed cybersecurity, 81% felt their employees understood why data security was important, while 60% said they train every employee on the issue. [Read related article: Cyberattacks and Your Small Business: A Primer for Cybersecurity]
Researchers also broke down their findings based on company size and found that 89% of companies with 100 to 500 employees were more likely to train their employees on data security measures, while only 59% of companies with one to 19 employees would do the same. That disparity could suggest that small business owners think their less-staffed operations aren't a target for data breaches, but the earlier this year, the 2019 Data Breach Investigations Report by Verizon showed that 43% of all data breaches impacted small businesses.
"As the risks of (cyberattacks or data breaches) increase, employers must consistently reevaluate and adapt their security policies and controls to ensure they are protected as much as possible against the latest types of threats," said Schaufenbuel. [Read related article: How to Improve Your Small Business's Cybersecurity in an Hour]