A recently released study conducted by Symantec’s (a large provider of security software) revealed that although most small business owners are aware and knowledgeable of the potential security risks their businesses face online and are aware of the potential damages (both financially and otherwise) security breaches could cause to their organization, many do not take precautions to prevent them. Symantec’s 2011 SMB’s Threat Awareness Poll examined the awareness levels of security threats to small businesses and the preparedness of these groups to protect themselves. The study concluded that most small businesses failed to implement adequate security measures for their online information based on the assumption that they were too small to attack, or that cyber-criminals only target larger organizations. This despite their high-level of knowledge regarding the nature and kinds of cyber-attacks and threats to their organization. According to the study, 61% of small business participants did not use an anti-virus desktop security software, 63% did not secure computers used for online banking, and 47% did not take any security measures for mail services, suggestion that confidential and valuable organization information is passed freely through unsecured email servers or services.
These findings are in stark contrast to previous observations by Symantec, which found that since the beginning of 2010, cyber-attacks targeted at larger enterprises made up only 28% of total cyber-crimes. This research indicates that the notion that small businesses are too small to attack is false and that protecting their online information is more important now for these groups than ever. Although small businesses are often faced with limited resources, basic steps ought to be taken to ensure online security and digital information protection.
We want to know, as a small business, what steps have you or your organization taken to protect yourselves from cyber-crime and online security breaches?