In a new survey from insurance giant Nationwide, just 4% of business owners said they implemented all of the cybersecurity best practices and recommendations from the U.S. Small Business Administration.

The report surveyed 400 small business owners who had anywhere between 11 and 500 employees. Most companies in the report were unaware of a variety of risks and failed to install even the most basic security measures for remote employees.

“Many employees may not realize the magnitude of risk associated with a cyberattack as they may not have engaged in a formal training process,” said Catherine Rudow, Nationwide’s vice president of cyber insurance, in a press release. “The scary truth is that many small business owners, even if they are aware of these risks, have not implemented all the proper measures of protection.”


One in five small business owners who spoke to Nationwide said they provided no formal cybersecurity training to any employees at all; the number jumped to 30% for companies with 11 to 50 employees.

These figures are curious because another part of the survey shows that most companies either do understand the risks out there in the digital sphere or have already been affected by them.

Nationwide said 65% of business owners openly admitted that they had been attacked by cybercriminals before, with viruses (33%) and phishing attacks (29%).

Nearly 90% of business owners said they believed that digital risks will continue to grow as more systems move online.

“What may seem like a harmless public Wi-Fi network could ultimately pose serious troubles for a business,” Rudow said in the release.

Nationwide added that 35% of businesses were completely unaware of the financial costs associated with cyberattacks and nearly 50% listed reputation risk as the main reason they would ever invest in digital security measures.

To help these companies out, Nationwide gave a broad overview of some basic best practices outlined by the U.S. Small Business Administration.

First and foremost, all companies should have security measures and rules in place to protect the most sensitive digital information they hold. Small businesses need to educate employees and circulate a general understanding of the cyberthreats the company may face.

Strong, constantly updated passwords are an easy way to promote security awareness, and strong backup systems are a must. Nationwide said every company should have a mobile device action plan and a way to protect every page of its public-facing website.

It’s not good enough to just protect the checkout and sign-up pages. Companies also should employ best practices for payment cards.

