Small Businesses Lack Security Preparation

Small businesses must do more in order to be ready for potential data loss or security breaches

A survey has found a worrying lack of preparation for security-related incidents among small businesses.

Just 27 percent of small business owners said they have had an outside party test their computer systems to ensure they are hacker-proof.

This is according to the findings of Newtek Business Services’ Small Business Authority Market Sentiment Survey, a monthly window into the concerns of independent business owners.

Lax Procedures

Based on a poll of approximately 1,200 respondents, one of the key findings from the September survey was that 39 percent of business owners stated they do not have their data backed up in more than one location.

The survey also asked small business owners if they had ever been denied access to business because of a hurricane, tornado or other natural disaster, to which 65 percent answered they hadn’t, with 35 percent saying a natural disaster had impacted their ability to do business. Sixty-one percent said they do back up their data and business information in more than one location.

“The Small Business Authority Market Sentiment Survey focuses on issues of security and risk reduction for small businesses,” said Barry Sloane, the company’s president and CEO. “With recent breaches of security at Citi Bank, Sony and the Pentagon, small business owners should be concerned and take precaution to ensure their confidential business information is protected.”

The survey demonstrates that very few business owners have taken the necessary precaution of having a professional data security firm perform a current assessment of vulnerabilities on their commercial website or database applications, according to Sloane.

“Sixty-five percent of business owners surveyed seem unaffected by natural disasters, and 61 percent seem to think their data is backed up in multiple locations,” he said. “We believe that small to medium-sized business owners need to review all aspects of their data security and disaster recovery efforts,” he said.

Security Overconfidence?

Despite the high number of small businesses that may be underprepared for a security disaster, a recent survey by PwC found 43 percent of global companies think they have an effective information security strategy in place and are proactively executing their plans. Twenty-seven percent of respondents identified themselves as “strategists,” while the remaining identified themselves as “tacticians” and “firefighters” (15 and 14 percent, respectively).

Seventy-two percent of the more than 9,600 security executives from 138 countries who took part in the ninth annual survey report confidence in the effectiveness of their organisation’s information security activities – however, confidence has declined markedly since 2006. The findings of the survey have helped carve a new definition of an information security leader.

Even though 43 percent see themselves as “front-runners,” according to the survey only 13 percent made the “leader” cut. Those identified as leaders have an overall information security strategy in place, a CIO or executive equivalent who reports to the “top of the house,” measured and reviewed security policy effectiveness, and an understanding of the security breaches facing the organisation in the past year.