Fortinet Finds Small Business Retailer Security Shortcomings


Small-business retailers are falling short on regulatory compliance, as well as security best practices such as password safety, Fortinet has found

While a majority of US small business retailers are aware of an increasingly complex threat and regulatory environment and are applying best security practices and compliance policies to keep safe, more than one in five retailers (22 percent) are not compliant with payment card industry data security standard (PCI DSS), according to a survey sponsored by Fortinet.

An additional 14 percent of the 100 small and midsize business (SMB) organisations surveyed don’t know if they are PCI compliant or not, and more than half (55 percent) of surveyed retailers are unaware of their state’s security breach requirements, while 40 percent lack any established policy adhering to those requirements.

Managed security

The survey also indicated that SMB retailers would be more likely to consider retail analytics if they were more knowledgeable about the technology. Of the 41 percent that said they are unfamiliar with retail analytics, almost half (49 percent) express that they would like to someday use the technology.

Security © m00osfoto Shutterstock 2012

More than half (53 percent) of retailers said they are managing and maintaining their own security infrastructure on-site. However, 18 percent of retailers are now also relying on a managed security services provider (MSSP) to augment their security defenses, while another 29 percent are looking to move more security functions to a third-party managed service provider.

Eighty percent of retailers said they want to see physical security infrastructure, such as video cameras, DVRs and alarm systems, housed in a single device that also manages network security mechanisms such as firewall, virtual private network (VPN), anti-virus and web application firewall.

While almost three-fifths (59 percent) of SMB retailers said they have a data disposal policy in place, 29 percent lack any established data disposal plan, while 12 percent are completely unaware of their organisation’s data disposal policy.

“This survey was eye-opening for us. Despite looming threats and stiff compliance penalties, more than a fifth of SMB retailers are still not PCI compliant, while many are falling short of security best practices like password safety,” Patrick Bedwell, vice president of product marketing for Fortinet, said in a statement. “The survey also confirmed that – as with larger retailers – SMBs have a strong interest in big-data analytics, as well as standalone products that incorporate both network and physical security capabilities within a single appliance.”

Wi-Fi security

According to the survey, 15 percent of retailers offering free guest Wi-Fi fail to enforce any kind of security policy, such as blocking unacceptable content, malicious websites or malware.

While 60 percent of SMB retailers have password protections and enforce them regularly, 40 percent of retailers don’t require their employees to change their password at least once a year, which the report said dramatically increases their risk of data loss.

The survey was conducted by GMI, a division of Lightspeed Research, a provider of technology-enabled solutions and online responses for global market research. Each survey respondent claimed to have knowledge of their company’s business network, payment systems and information security policies. Additionally, respondents were limited to those who use credit or debit card transaction as their primary means of accepting payments.

Do you know all about Edward Snowden And the NSA? Take our quiz.

Originally published on eWeek.