cybersecurity

May 2, 2013

The Sad State of CyberSecurity

Small and mid-sized businesses are failing at security. This puts them in peril and, if they're your clients, you could suffer, too.

Dave McClure

From CPA Practice Advisor’s Bleeding Edge Blog.

There is a lot of protection in being “off the grid” – in being so small and insignificant that no one even know you are there. And that is true even when it comes to CyberSecurity. I once ran a server connected to the Internet for three years, with mail server, web site, FTP site and more, without a single shred of protection.

I did it to show that average users don’t need to spend hundreds of dollars on elaborate firewalls, anti-virus schemes and other protections simply to access basic Internet services. Of course, the other part of this equation is that you must stay off of porn sites, social media, download sites, file-sharing sites or any other site that you do not know. And that you do not open any email that contains anything other than text.

I am not sure that the same experiment would stand up today, but I am sure of two things: small businesses believe they are protected from cyberthreats; and almost none of them actually are. That’s not just my opinion, but the results of a new survey by the National Cyber Security Alliance and Symantec. The survey, of 1015 small and medium-sized businesses, found that 77 percent believe they are protected, but 83 percent have no formal cybersecurity plan. And who is in charge of cybersecurity at these firms? Two-thirds of the time, it is the business owner.

The survey gets worse. Among those surveyed:

  • 87 percent don’t have a formal written Internet policy for employees.
  • 62 percent said they were very confident that their employees nonetheless were aware of the company’s formal Internet security policy and practices.
  • When it comes to social media: 75 percent of SMBs have no policy governing employee behavior
  • 77 percent feel their companies are safe from cyberthreats
  • 77 percent describe a strong cybersecurity and online safety posture a positive for their brand.
  • 59 percent have no contingency plan how to respond and report data breach losses.

Your average plumber or landscaping business might be able to exist in such an environment; your average accounting firm cannot. Accountants and tax preparers must of necessity have and store all of the information that data thieves most want to obtain – personal and financial details that enable them to easily commit identity theft or raid a client company’s bank account.

Which only means that tax, accounting and financial planning firms cannot ever afford to be without protection, a plan and a good set of procedures. And that the same goes for many of their clients, making a cybersecurity assessment a critical part of the annual audit of any small or medium-sized business.

 

Thanks for reading CPA Practice Advisor!

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more…

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more...

Tags: Small Business

Leave a Reply

mcclure_10268610

Dave McClure

Contributing Writer/Columnist

Dave McClure is a U.S. Air Force veteran who flew a B-52 bomber during the Cold War, then became an Air Force Information Officer to hone his skills as a writer, editor and communications manager. He has since been a consultant in business and technology for more than three decades, with degrees in applied science and Organizational Development, with an MBA in Executive Management. He has consulted with companies ranging from Microsoft to General Electric, and has held positions as an accounting software marketing director, media editor, network engineer and professional beta tester for computer hardware and software . His career includes eight years with the NASA Space Shuttle program for BFGoodrich, more than 20 years writing for business and accounting publications, and his tenure as founder and president of the US Internet Industry Association. He is a global expert on IT, Internet and management issues, and currently serves as the co-chair of the International Internet Industry Alliance.