Study Shows SMBs Lacking in Security Training

Paul Mah

A new study co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec of about 1,500 small and medium-sized businesses across the United States has been released. The SMBs were surveyed on areas pertaining to cybersecurity, as well as their security-related policies and practices.


Further confirming the results of an earlier study that found SMBs ignore even basic security measures, the results were nothing to write home about.


Below is a brief snapshot of the survey results, which you can access here.

  • 86 percent do not have a staffer dedicated to IT security.
  • 53 percent check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are updated; 11 percent said they never check at all.
  • 25 percent of the businesses do not ensure password protection for their wireless networks.
  • 66 percent of employees take computers or PDAs containing sensitive information off-site.
  • 72 percent do not have formal Internet security policies.


Perhaps what struck me most was the fact that only 35 percent of SMBs provide training to their employees on the areas of Internet safety and security. Even for SMBs who say they offer training, the majority -- 63 percent -- actually offer less than five hours a year. That's just half a typical work day for you, and we haven't even started nitpicking on the topics covered or the quality of the "security" training yet.


If there is anything that can be said to be more incongruous, it would probably be the fact that these same SMBs are increasingly dealing with important information online. In the same study, 65 percent say they store customer-related data on their computer systems, 43 percent store financial records, 33 percent store credit card information, and 20 percent have intellectual property or other proprietary content.


My thinking is this: SMBs cannot possibly keep up this dismal lack of security awareness and not expect to be fallen by some major security fiasco down the road. Given the online transactions that SMBs are increasingly engaging in, it is only a matter of "when" and not "if."


So what are some steps that SMBs can take to improve their security posture? I have some ideas, which I will share over the next few posts. In the meantime, I invite you to share your thoughts on this with me.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.