More than half of all small businesses in the U.S. — as many as 13
million — experienced a security breach last year, according to a survey by
the Small Business Technical Institute.
In response, the Council of Better Business Bureaus and Privacy &
American Business, a nonprofit think tank, have launched a new national
education initiative intended to help small business owners secure and
protect customer and other critical digital data.
According the Small Business Technology Institute survey, conducted in
July, approximately 70 percent of small businesses consider information
security a high priority, and more than 80 percent are confident that they’re
doing a great job of securing their computer networks against hack attacks
But it seems that perception is at odds with reality: 56 percent of those
polled experienced one or more serious online or offline security incidents
in the past 12 months.
Almost one-fifth of the polled small businesses do not use antivirus
programs to scan e-mail — one of the most basic security protection
measures. More than 60 percent do not protect their wireless networks with
even the simplest form of encryption, a procedure that’s not as well-known
as antivirus applications but is just as necessary.
To help small business owners strengthen their security defenses, the
Council of Better Business Bureaus is offering a free, downloadable
kit called Security & Privacy Made Simpler.
The kit is intended to demystify data-security
procedures and give small businesses a roadmap that will enable them to
secure their customer data.
“Small businesses aren’t quite in step with their larger industry
counterparts in addressing data security,” said Steve Cole, president and
CEO of the Council of Better Business Bureaus, in a statement.
believe they’re better protected than they really are, because they don’t
have in-house experts to advise them.
“This makes us all vulnerable, as small businesses are a strong part of
our economy. Business owners of all sizes need to be vigilant in protecting
their customers, their employees and themselves.”
Aimed at non-technical users, the kit emphasizes the importance of developing a comprehensive security and privacy plan and provides checklists for everyday security practices, such as restricting access to sensitive records, keeping e-mails free of personal information and training employees on new privacy and
Low-tech and high-tech data theft scams, from dumpster diving to phishing
and hacking, are detailed along with ways to thwart these schemes.
The material also points out that simple procedures like shredding
documents, spot-checking employees’ backgrounds and not responding to
phishing e-mails are just as important as buying new security software.
There is plenty of common sense advice, such as “if you don’t absolutely
need a piece of customer information, the best policy is, don’t collect it,”
and “if you possess customer data you no longer need, discard it — securely.”
Another kit, covering security procedures for managing employee data,
will be released in the fall.
The Web site will
also include downloadable educational seminars and ongoing updates about new
security and privacy developments that affect small businesses.
The program was developed with the help of two privacy and security
experts; Dr. Alan F. Westin, founder of Privacy & American Business and Dr.
Lance Hoffman, distinguished research professor, George Washington
University Department of Engineering and Applied Science.
The toolkits will also be distributed through the 116 local Better
Business Bureaus across the U.S. Corporate sponsors who are participating
in the program, including IBM, Visa U.S.A., Equifax, Verizon Wireless, The Wall
Street Journal, eBay and PayPal, will also distribute the toolkit to their
own small business customers.