According to a new survey by the National Cyber Security Alliance and Symantec, more than half of America’s small businesses (53%) say it is important for new hires to have a strong proficiency in basic computer skills as it relates to online safety and security. The survey also reports that 87% of small and medium-size businesses (SMBs) have one or more employees who use the Internet for daily operations.
Other results include:
- Three-fifths (59%) of SMBs say knowing the proper use of email, social networks, and engagement online is essential (38%) or important (21%) to the safety and security of their business.
- More than half of SMBs say it is essential (41%) or important (15%) for new hires to understand protecting the privacy of information.
- More than half of SMBs say it is essential (38%) or important (20%) for new hires to know Internet security practices like password protection measures, identifying safe websites, avoiding phishing and other scams.
- More than half of SMBs say it is essential (40%) or important (15%) for new hires to have basic skills and knowledge around how to safeguard intellectual property.
"Small businesses are expressing a strong need for employees with basic skills and knowledge about how to use technology safely, securely, ethically and productively," said Michael Kaiser, executive director of the National Cyber Security Alliance. "Given the role of small businesses in our economy, it’s so important to integrate cybersecurity training into all education levels – from K-life. SMBs should also provide ongoing training to employees to be sure skills are reinforced and new skills are developed as the technology changes."
"Small businesses are a driving force of our economy, and new technologies and online services are becoming an everyday part of how SMBs run their businesses," said Brian Burch, Symantec’s vice president of Americas Marketing for SMBs. "Small business owners and employees must do a better job not only becoming better educated on cybersecurity, but also better at implementing technologies to protect themselves and the information that fuels their businesses."
The survey of 1,015 U.S. companies was conducted and released in conjunction with National Cyber Security Awareness Month.
This is one of those surveys that while seeking to make a specific case plays down its most worrisome results. The headline from the press release reads, "Majority of U.S. Small Businesses Say Digital Literacy Essential Skillset for New Hires." It should read, "When It Comes To Online Safety and Security, Nearly Half of Small Businesses Are Clueless."
According to the survey, 47% of small business owner/operators do not look for online safety and security skills in their new hires. In addition, even though most businesses (87%) have at least one employee using the Internet daily for business operations, 70% do not provide any form of online safety and security training.
The survey reveals just how naive many small companies are about the potential threat posed by dangerous, unethical or even illegal use of the Internet as well as the handling of information in digital form. There seems to be an assumption that cybercrime only impacts large corporations, even though earlier Symantec research shows that SMBs have become a key target for cybercriminals — that’s a trend, not an anomaly.
I have a radical recommendation to address the problem — cybershock treatment. With the approval of government regulators and civil liberties watchdogs, groups like the NCSA and companies like Symantec should hire teams of hackers to breach the databases and Internet sites of every SMB in the country simultaneously. The hack attack would not be damaging, just scary as hell.
It would include a message from the attackers listing all the nasty things that could be done to their businesses – espionage, data theft, data destruction, legal liability – right now. The attack would make it clear to SMBs that their employees are their first line of defense as well as their greatest vulnerability.
No offense to the NCSA, but cybershock treatment would get the point across to SMBs more rapidly and effectively than efforts such as National Cyber Security Awareness Month, which in case you missed it just ended yesterday.