As large businesses have hardened their defenses in recent years, smaller organizations have become an increasingly attractive target for cyber criminals.
That was the consensus of a group of panelists speaking at the recent annual Visa Security Summit in Washington.
Many small businesses are woefully unprepared to protect themselves, said Charles Matthews, president of the Washington-based International Council for Small Business (ICSB). He cited industry studies revealing that 60 percent of small organizations lack wireless encryption, nearly 20 percent lack antivirus software, and about two thirds “don’t have a security plan in place.” Although he didn’t cite a figure, he said the lack of a firewall is “one of the biggest issues I see."
Many smaller organizations also underestimate their risk, said Chris Gray, director of innovation policy at the Ottawa-based Canadian Chamber of Commerce. In a survey conducted by his office, two-thirds of small and medium-sized businesses (SMBs) thought large companies were “the main target for cybercrime,” he said. But he said about 85 percent of the cyber fraud he sees occurs among SMBs.
The panelists agreed small businesses should emphasize simple measures. This should include regular security system updating and patching, said Matthews. It should also include encrypting wireless routers and changing default passwords into strong ones, he said.