I think most businesses are pretty good when it comes to the physical security of their property. You need badges to work onsite. Visitors need to sign in or go past a guard. Some places put up physical barriers outside. Heck, at the very least, everybody locks the office doors when they go home for the night.
Yet, it appears that SMBs are far less cautious when it comes to cyber security. A recent survey by the Small Business Authority found that only 27 percent of small business owners do a cyber security check of their network to make sure they are hacker-proof. Only slightly more, 39 percent, have their data backed up in more than one location.
I've spoken with countless security vendors and CSOs who have stressed the importance of having an outside vendor regularly check the network for potential vulnerabilities and, yet, almost three-quarters of small businesses aren't doing that. And it's not like SMBs aren't worried about cyber security. A Trend Micro survey from a year ago found that a majority of SMBs are worried about data loss through leaks and malware, as well as other security-related issues.
Barry Sloane, president and CEO of The Small Business Authority, commented on the results, saying:
With recent breaches of security at Citi Bank, Sony and The Pentagon, small business owners should be concerned and take precaution to ensure their confidential business information is protected. Our survey demonstrates that very few business owners have taken a necessary precaution of having a professional data security firm perform a current assessment of vulnerabilities on their commercial website or database applications. We believe that small to medium sized business owners need to review all aspects of their data security and disaster recovery efforts.
Unfortunately, what the poll didn't appear to ask - and what the results don't discuss - is why SMBs aren't being more proactive when it comes to their cyber security. Is it the cost involved in hiring an outside vendor to do periodic "hacks" on the system to find exploits? Do they think cyber security is something IT should be able to handle on its own, if they have an IT department at all? I would like to know how the SMBs surveyed manage their data backup and if they have an emergency or disaster plan in place.
Think of it this way: No matter how expensive you think proactive cyber security is, the backlash of data loss will cost you much, much more.