The heart that beats at the center of the American economy is small business. The U.S. Small Business Association (SBA) defines a small business as one with less than 500 employees. According to the SBA, 99 percent of all independent enterprises in the United States employ less than 500 people. Approximately 19.6 million Americans are employed by companies with fewer than 20 employees. Most of the data breaches that we have written about in previous posts concern large corporations, however small businesses are at an even greater risk of experiencing a security data breach. Even worse, they are doing nothing about data security.
A study commissioned by the National Cyber Security Alliance (NCSA) and Symantec, in September 2012, focused on online safety and small business. The survey of 1,015 U.S. small and mid-sized businesses showed that America’s small business owners and managers aren’t prepared for a security data breach. While most survey participants agreed that IT security was important to their businesses, most didn’t have the proper procedures or policies in place.
Here are some shocking statistics from the study:
- Eighty-seven percent of SMBs (small and medium sized businesses) do not have a formal written Internet security policy for employees, while 69 percent do not have even an informal Internet security policy for employees.
- Eighteen percent of SMB owners/operators say they would not know if their computer network was compromised (i.e. infected with a virus, private information stolen, etc.)
- Fifty-nine percent of small business owners/operators say they do not have a contingency plan outlining procedures for responding and reporting a data breach loss such as: loss of customer or employee information; loss of credit or debit card information; or loss of intellectual property; 31 percent say they do have a contingency plan to handle such challenges.
- One in ten (11 percent) SMB owners/operators say no one is responsible for online and cybersecurity at their business. At the same time, 66 percent say they are responsible for online and cyber safety at their establishment while nine percent rely on an IT savvy employee and eight percent use an outside IT consultant.
Even more disturbing, 47 percent of small business owners and managers felt that a data breach would have no impact on their business, or would be viewed as an isolated incident.
Small business owners need to recognize the risks and implement changes in their organization to prevent and manage a data breach. You owe it to your customers, your employees and yourself.
According to Accounting Web, 80 percent of small businesses that experience a data breach suffer serious financial losses and many go bankrupt. This information was compiled by the Privacy Rights Clearinghouse. While corporations have the resources and financial capacity to deal with these losses, a small business struggling to get by can’t afford to take such a hit. Don’t wait until you have to fight your way back from bankruptcy before you take control of your data security.
You need to start thinking seriously about protecting your data. Start small. You can implement changes gradually if you feel the process is overwhelming. You may not be able to afford your own IT department, but there are steps you can take. Start by educating your staff. Consider a move to a secure email and document delivery service. There are many free resources online where you can find information on how to protect your confidential and proprietary information.
In tomorrow’s post we will provide you with tips and explore some of these resources on securing your data and handling a data breach.