Small Businesses Claim Cyber-Security Superiority But Leave Much to Chance

More than half of 1,000 small-business owners surveyed believe they are better-prepared to secure sensitive customer and corporate data than are large businesses.

Just as staff members need to trust that their employer is keeping their personal information under wrap, so, too, do customers, whether they swipe their debit card at the cash register or make an online credit-card purchase.

In a recent study, the National Cyber Security Alliance conducted with Visa Inc., small-business owners were polled about their cyber-security practices and attitudes. Eighty-five percent revealed that as small-business owners, they believe they have a smaller chance of being targeted for cyber crimes than have large companies.

When asked about the type of company-related data they store on their computer systems, 65% reported customer data; 43% reported financial records; 33% reported credit-card information; and 20% said intellectual property and other “sensitive” corporate content.

National Cyber Security Alliance works with public and private entities to implement education and awareness programs to help users protect their sensitive information.

“A cyber-security breach,” says the alliance, “would diminish the trust that your employees and customers have in your business. Cyber security practices are about more than protecting your network; they are about protecting your business and livelihood.” 

Of the 1,000 companies polled, 43% have been in business at least 10 years; 58% of the responders generate annual revenue of $249,000 or less.

The poll also revealed that many of the small-business owners aren't being proactive in their efforts to protect their most vulnerable information. Of the 1,000 responders, only 36% have run a criminal background check on employees that handle payment data.

Three-quarters admitted that their employees received less than three hours of network and mobile-device security training in the previous 12 months, with nearly half, or 47%, saying their employees receive no training.

Two other areas of concern were use of planning and policies. According to the study, only 43% of the small-business owners have a plan in place to respond to the loss of customer data, specifically credit or debit-card information or personal identifying data.

In addition, less than half of the small-business owners (40%) have a corporate policy in place that prevents employees from connecting company devices to unsecured wireless networks.

“Strengthening your company against cyber threats is critical to protecting your valuable information from falling into the wrong hands,” the alliance advises.

For more information about the National Cyber Security Alliance or the study, visit the company’s Web site at