Assess Your Risk

Smaller businesses have become bigger targets for cybercriminals because the bad guys know that they have fewer defense resources than large enterprises.

If cybercriminals can breach a small business and steal credentials (banking accounts, email access, etc.) they can use that information to steal money directly, create attacks on your customers and work their way around the business ecosystem in other nefarious ways.

National Cyber Security Alliance/Symantec research on small businesses has shown that two thirds (66%) say that their business is dependent on the Internet for its day-to-day operations; 38% characterize it as very dependent and 67% say they have become more dependent on the Internet in the last 12 months.

The research also indicates that businesses have vital information to protect: 69% handle sensitive information, including customer data; 49% have financial records and reports; 23% have their own intellectual property and 18% handle intellectual property belonging to others outside of the company.

Furthermore, the research indicates that most small businesses have considerable risks that are not addressed:

  • 77% do not have a formal written Internet security policy for employees.
  • 63% do not have policies regarding how their employees use social media.
  • 60% say they have a privacy policy in place that their employees must comply with when they handle customer information and half (52%) have a plan or strategic approach in place for keeping their business cyber secure.
  • More small business owners say they do not (45%) provide Internet safety training to their employees than do (37%).
  • Two thirds (67%) allow the use of USB devices in the workplace.
  • Six in ten (59%) say they do not require any multi-factor authentication for access to any of their networks, and only half (50%) say that all of their machines are completely wiped of data before disposal.

Questions to Consider:
  • What information do you collect?
  • How do you store the information?
  • Who has access to the information?
  • How do you protect your data?
  • What steps are you taking to secure your computers, network, email and other tools?