Small-business owners don't plan for cyberattacks, survey finds

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.securityinfowatch.com/news/12137401/small-business-owners-dont-plan-for-cyberattacks-survey-finds

Cyberattacks on some of the nation's biggest businesses have exposed the
personal information of tens of millions, yet most small businesses don't
have a plan to respond to such attacks, according to a survey commissioned
by Nationwide.

The survey, released on Tuesday, found that 8 in 10 small-business owners
do not have a cyberattack-response plan, even though a majority of them
have been victims of at least one type of attack.

The survey, based on results from 500 small-business owners, found that 46
percent think their current software is secure enough and 40 percent don't
think their company would be affected.

"We're still in the state that 'it won't happen to me,'" said Tony Fenton,
an associate vice president for Nationwide.

Fenton said small-business owners need to be educated on the solutions in
the marketplace to help fight cyberattacks.

"Maybe they don't perceive themselves as a target," he said. "But a look at
the research shows that they are as much of a target as a large company."

Even though many are unprepared, 73 percent of the business owners surveyed
say they are concerned about cyberattacks, and 63 percent say they've been
a victim of at least one type of attack, including computer viruses,
hacking, data breaches and phishing.

Nationwide began offering cyberinsurance a year ago that protects against
cyberthreats, including the loss of a company's computer data, disclosure
of information about customers and identify theft. Nationwide also provides
experts to help customers work through the cyberattack and recover from it.

Fenton said the risk of cyberattack is as much of a threat to small
businesses as are fire and theft.

"There is a gap of thinking within the small-business community," he said.
"They think the software is strong enough or there really isn't a risk."

Ted Johnson, the tax- and litigation-support partner with accounting firm
Parms & Co. in Columbus, said the company is always worried about
cyberattacks but is well-prepared to stop one.

"Given the fact that we are CPAs, what better place to mine for data than a
firm that does taxes," he said.

The company has built enhanced firewalls and security systems meant to
block potential breaches, he said.

"People need to be aware that it can happen. It's out there and has been a
problem," he said.

One problem many businesses have faced recently is the hijacking of
computer systems, demanding ransom in exchange for returning control.

Johnson also said employers face risks when they allow employees to use
office computers to access social-media sites such as Facebook that can
expose the company to hackers. Also, employees will open emails from
senders that they don't recognize.

He said employers often fail to tell their employees not to do that.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!