My Business

Columnists

Close

Comments

What's Hot in Small Business – Chris Crum

What's Hot in Small Business – Chris Crum
Chris Crum Chris Crum has been a featured writer with the WebProNews.com team and the iEntry Network of B2B Publications since 2003. Chris writes for Small Business Resources about social media, search, and what’s new for small business. Hundreds of publications link to Chris’ articles including the Wall Street Journal, USA Today, LA Times and the New York Times.

Small Businesses Are Ill-Prepared for Cyber Attacks

Small Businesses Are Ill-Prepared for Cyber Attacks

CSID recently partnered with Research Now to survey 150 small business owners from across the country about their approaches to risk mitigation and response. The big takeaway is that small businesses are more at risk than they realize and they're not taking the necessary proactive steps or allocating budgets adequately to defend against cyber-attacks.

None of this is to say that small businesses aren't concerned about potential cyber-attacks. They are. The survey found that most of them (58 percent) are worried about them, but nearly as many (51 percent) aren't actually allocating any budget at all to prevent them. More than half (53 percent) don't think they store any valuable data yet 68 percent store email addresses, 64 percent store phone numbers, 54 percent store billing addresses, 48 percent store home addresses, 24 percent store social security numbers, and 20 percent store credit and debit card numbers.

According to CSID, there's a "significant educational disconnect" for small businesses regarding the understanding of what personally identifiable information actually is and how vulnerable their businesses are. The firm published a case study about Jomoco, in which it shows that a single business email address took down the entire business. They point to this case study as a prime example of the dangers of this educational gap.

The survey found that 31 percent of small businesses are not taking any proactive measures to mitigate risks of cyber threats and only 24 percent of them that are not allocating any budget for cyber-attacks feel they are well prepared to handle one. 12 percent of small businesses have a breach preparedness plan in place, it found.

"It will take collaboration between the security industry and public and private sectors to help bring security best practices from the back burner to top-of-mind for small business owners," said CSID's Morgan Grevey. "These groups must become aware of the unique threats facing their business, and learn how they can help mitigate risk. Some recommendations: monitor business information to stay ahead of cyber threats, bake-in cyber security best practices to your business plan and corporate culture, and have a breach preparedness plan in place to minimize the impact of a breach."

Earlier this year, the Government Security Breaches survey found that almost three-quarters (74 percent) of small businesses reported a security breach in the last year, which was an increase over the prior year's survey. Research from security firm Symantec found that over half (52.4 percent) of "spear phishing" attacks (emails that appear to be from someone the recipient knows, but are not) in December were against small to medium-sized businesses.

So why are small businesses so highly targeted these days? According to experts, it's mainly the data they have available and cyber criminals' ability to attack large volumes of them with automation. It probably doesn't help that many small businesses aren't putting any money toward protecting themselves and don't even seem to understand the real danger that their companies are in. Awareness is a powerful thing.


 

The Business Resources Center offers helpful news, tips, and tools for general information purposes only, It is not intended to provide legal, financial, or other advice or recommendations for any specific individual, business, or circumstance. The offerings found here are provided by third parties, which are neither controlled nor endorsed by First Tennessee Bank National Association. First Tennessee Bank National Association does not guarantee or warrant the accuracy, completeness, or timeliness of this information and content. Additionally, links to third party sites are provided for your convenience. Such sites are neither controlled nor endorsed by First Tennessee Bank National Association and may not have the same privacy, security or accessibility standards. Third Parties are responsible for the content and availability of their sites.