Small businesses unprepared for cyberthreats
Many small-business owners say they feel safe from cyberattacks, but they're vulnerable, according to new survey.
By Cadie Thompson
Most U.S. small-business owners are living under the false notion that their business is safe from cyberattacks, but in reality, they are far from secure.
According to a recent survey sponsored by the National Cyber Security Alliance and Symantec, most small businesses believe their company is safe from cyberthreats. But actually, most small businesses are completely unprepared for a cyberattack.
More than 77% of small-business owners surveyed said their company was safe from hackers, viruses, malware or other threats, but 83% of the businesses have no formal cybersecurity plan.
"Small businesses are being targeted because cybercriminals know that they more than likely have less of a defense and are an easier target," said Michael Kaiser, the executive director of the National Cyber Security Alliance.
Small-business owners often assume they have nothing of value to a cybercriminal, so they don't take precautions to protect information, such as customers' personal data, Kaiser said.
According to the survey, Kaiser is right. About 60% of businesses had no plan for a data breach, and 66% of small-business owners were not even concerned about cyberattacks.
"They need to understand that any business is part of the ecosystem, so whether you have customer data or lists of customers or any sort of customer information, whatever it might be, that data is what cybercriminals are often trying to harness," Kaiser said.
The survey, which was conducted in September and based on data from 1,015 U.S. small businesses, was released this week as part of National Cyber Security Awareness Month, a national effort aimed at promoting cybersecurity in both the private and public sectors during October.
A recent string of cyberattacks on U.S. banks has heightened international concern. However, much of the discussion has focused on threats to national security and large corporations, not small businesses.
"The kinds of threats small businesses face look like the threats larger enterprises face as well," said Kaiser.
He said one of the most common threats to small businesses is phishing, when a hacker steals information by posing as a trustworthy source.
Small businesses can help decrease their risk of attacks by making sure all company computers are clean, which means making sure machines are malware-free and all software is up to date. Small businesses should also implement an online policy for employees, which defines what employees are allowed to do online.
"There's the human factor, that you need to train your employees," Kaiser said. "Small businesses need to understand what their employees are doing, and their employees need to understand what they are allowed to do or what they should really not do."
More from CNBC.com: