“We recognize that most small business owners are focused on running their businesses, and have limited resources and IT staff dedicated to managing their cyber security needs. Unfortunately, cyber criminals are increasingly making small businesses their targets, knowing they are likely to have fewer safeguards in place to protect themselves.” –Cheri McGuire, vp-global government affairs and cyber security policy, Symantec
I’ve been camping out on the information technology (IT) beat of late in this space simply because so much of trucking’s present and future is increasingly tied to IT systems of some sort or another.
Indeed, so much of our daily lives is now intertwined with IT that the issue of “cyber security” has far ranging importance for everyone, truckers and non-truckers alike.
Of course, the results a survey of U.S. small businesses sponsored by Symantec and the National Cyber Security Alliance (NCSA) and conducted by Zogby International are what sparked this particular rumination on IT security … and, yes, it’s fair to add that I am perhaps a bit too fond of data gleaned in such a manner.
[The great Winston Churchill offered up this famous quip concerning the use polls, surveys, and such like: “It is not always a good thing to be feeling your pulse and taking your temperature. Although one has to do it sometimes, you do not want to make a habit of it. I have heard it said that a Government should keep its ear to the ground, but they should also remember that this is not a very dignified attitude.” Did he have a way with words or WHAT?!]
Still, when a survey finds that while eight out of 10 small businesses in the U.S. feel believe their firms are safe from cyber threats, yet almost 80% maintain no formal IT security policies, you know that’s a major gap just waiting to be exploited.
“The [cyber] threats grow in number and complexity each day, but too many small business owners remain naively complacent,” noted NCSA Executive Director Michael Kaiser in the study. “The stakes are high for individual businesses and the nation as a whole: a single malware attack or data breach can be fatal to a small enterprise but the collective vulnerability of all our businesses is a major economic security challenge.”
Think about these findings for example:
• Two-thirds (67%) of U.S. small businesses have become more dependent on the Internet in the last year and 66% are dependent on the network for their day-to-day operations.
• Some 57% of small firms say that a loss of Internet access for 48 hours would be disruptive to their business and 38% said it would be "extremely disruptive" and 76% say that most of their employees use the Internet daily.
• The vast majority of small business owners think their company is cyber-secure as 85% of respondents said their company is safe from hackers, viruses, malware or a cyber-security breach and seven in ten (69%) believe Internet security critical to their business's success. Additionally, a majority (57%) of small businesses believe that having a strong cyber security and online safety posture is good for their company's brand.
• Yet 77% of those very same small firms admit they do not have a formal written Internet security policy for employees and of those, with 49% reporting that they do not even have an informal policy. More small business owners also said they do not provide Internet safety training to their employees than said they do – to a tune of 45% versus 37%.
• A majority of small businesses (56%) do not have Internet usage policies that clarify what websites and web services employees can use and only 52% have a plan in place for keeping their business cyber-secure.
• At the same time, small businesses may not understand how to respond to online threats or the danger they pose. For example, 40% of small businesses say that if their business suffered a data breach or loss of customer or employee information, credit card information or intellectual property, their business does not have a contingency plan outlining procedures for responding and reporting it.
• Two-fifths (43%) also say they do not let their customers and partners/suppliers know what they do to protect their information.
• Think on this: 69% of small businesses handle customer data while about half (49%) handle financial records, one-third (34%) handle credit card information, one quarter (23%) have their own intellectual property, and one in five (18%) handled intellectual property belonging to others outside their company.
• When asked to rank the top concern of small business owners while their employees are on the Internet, 32% reported viruses, 17% spyware/malware and 10% reported loss of data. Yet only 8% are concerned about loss of customer information, 4% about loss of intellectual property and only 1% worried about the loss of employee data, even though cyber security experts believe the loss of any of this kind of information would be devastating to a business.
Cheri McGuire, vp-global government affairs and cyber security policy for Symantec warned that the “sense of security” displayed by the small businesses in this survey is especially unwarranted given that 40% of all targeted cyber attacks are directed at companies with less than 500 employees
She added that, in 2010, the average annual cost of cyber attacks to small and medium sized business was $188,242. What's more, statistics show that roughly 60% of small businesses will close up within six months of a cyber attack.
Here’s the kicker, McGuire noted: According to Symantec’s Norton Cybercrime Report, the total cost of cyber crime to consumers and small business owners alike, is greater than $114 billion annually.
In addition to struggling with the basics, many small businesses are failing to keep up with the increasing adoption of mobile and social media platforms. Just 37% of U.S. small businesses have an employee policy or guidelines in place for remote use of company information on mobile devices and just over one in three (36%) maintains a policy for employees' use of social media, this survey found.
Social networking platforms now provide hackers with the ability to easily research targets and develop powerful social engineering attacks, with smart phones and other mobile devices are also poised to play a large role with a sharp 42% rise last year in the number of reported security vulnerabilities, according to Symantec's cybercrime report last year.
McGuire noted that strong password protections, protecting USB devices and wireless networks alike, also matter to a firm's security posture. Yet a majority of small firms (59%) do not use “multifactor authentication” to access any of their networks.
Indeed, only half (50%) reported they completely wipe data off their machines before they dispose of them and 21% never do, while two-thirds (67%) of U.S. small businesses allow the use of unprotected USB devices in the workplace.
“It's important for small businesses to educate their employees on the latest threats and what they can do to combat them,” she explained. “Education, combined with investment in reliable security solutions, provides small business owners with a well-rounded approach to protecting their businesses and managing cyber risk.”
That’s all the more pertinent for truckers, who are rapidly finding the freight market becoming ever more digital in nature every passing month – whether they like it or not.
