85% of small business owners believe their companies are less of a target for cybercrime than large companies according to a new survey released by National Cyber Security Alliance (NCSA) and Visa, Inc.
Because of this perceived sense of lower risk, nearly 50% of all small business owners believe the high cost in time and money to fully secure their business is not justified by the threat.
This misplaced view of risk means that though 65% of small businesses store customer data, including 43% that store financial records and 33% that store credit card information:
- 47% of small business owners have provided no network or mobile device security training whatsoever in the past year (75% have provided less than 3 hours of training for employees)
- Only 36% have run a criminal background check on employees that handle payment data.
- Only 43% have a plan in place to respond to the loss of customer data, such as credit or debit card information or personal identifying data.
- Only 41% have a corporate policy preventing employees from connecting company devices to unsecured wireless networks.
- Only 36% of small businesses say they are compliant with the Payment Card Industry Data Security Standard – in spite of the fact that compliance is required of all businesses that accept payment cards.
- Only 21% say the payment application they use has been validated against the Payment Card Industry Data Security Standard
What this means to you
Cybercriminals look for the easiest targets, and that is no longer the big companies with millions of records as these companies have had to step up their security measures. According to security experts and law enforcement groups, the new targets that hackers and cyber criminals are honing in on are small businesses. The report notes that just last month, Ukraine authorities arrested five individuals who allegedly stole $70 million from U.S. bank accounts in an elaborate scheme targeted at U.S. small and medium-sized businesses.
“The greatest threat to a company’s cybersecurity is complacency,” said Michael Kaiser, executive director of the NCSA. “We encourage small business owners to take the necessary precautions to protect their customers, employees and their businesses.”
Your safety and privacy are directly impacted by the security measures – or lack of security measures – taken by the companies with whom you do business. If these companies fail to have up-to-date security and privacy measures in place it only takes moments for all their consumers – you – to be placed in harm’s way and in many instances you won’t even be notified of the breach.
As you go about your interactions with companies and services of any size, ask or look to find a notice of what security measures are in place, what precautions they’ve taken to screen their employees, and the steps they take to protect your privacy.
In today’s world, you simply can’t assume your information is being treated with the care it is due.