Nearly eight in ten surveyed small business owners in the United States don’t have a cyberattack response plan, even though 63% of them have been victims of at least one type of cyberattack, according to a study commissioned by Nationwide, a Columbus, Ohio-based diversified insurance and financial services organization.
The survey, released on Tuesday, focused on 500 U.S. small business owners with fewer than 300 employees and who have at least a moderate role in employee benefit selection, Nationwide said in a statement. According to the survey, 79% of small business owners have no cyberattack response plan in place. When asked why not, 46% said they feel their current software is secure enough, and 40% said they do not feel their company will be affected by a cyberattack.
At the same time, 73% are at least “somewhat concerned” with a potential cyberattack affecting their business — especially since 63% of small business owners admit they have been victims of at least one of the following:
• Computer virus (44%);
• Phishing (30%);
• Trojan horse (22%);
• Hacking (16%);
• Data breach (11%);
• Issues due to unpatched software (10%);
• Unauthorized access to customer information (9%); and
• Unauthorized access to company information (8%).
The study also found that perceived ease of recovery contributes to the deprioritization of cybersecurity – virtually all small business owners (95%) are at least somewhat confident that they’ll recover from an attack. In the aftermath of a breach, there’s overall agreement that the actual data breach is quicker to fix (61% say it would take less than three months) than either the financial (45% say less than three months) or reputation/trust (49%) damages.
Nationwide offers the following 10 tips to help small business owners and their insurance agents create a cybersecurity plan:
• Insurance – Acquire cyber insurance to cover losses in case of a breach or fraud;
• Perimeter – Guard the physical perimeter to prevent hackers from accessing sensitive data and the company’s computer network;
• Employees – Educate employees, as they are the company’s first line of defence against cyber criminals;
• Firewall – Activate a firewall to block connections that are used to hack into the system and deliver viruses;
• Software – Install and regularly update anti-spyware, antivirus and anti-malware software to help detect such threats and prevent them from affecting computers;
• Passwords – Use stronger passwords of 8-10 characters that include letters, numbers and special characters and change them regularly;
• Network – Secure wifi networks to prevent hackers from accessing servers or using the Internet connection without knowledge;
• Social – Set social network profiles to private and check security settings, and be mindful of information posted online;
• Data – Encrypt the most sensitive data, make a backup and store it in a fireproof safe or off-site; use a dedicated computer for all sensitive information; and
• Vendors – Carefully select online computing services, because any information shared with vendors can be compromised by their system.