Fortinet has published the results of a study conducted on 100 US-based small and mid-size businesses from the retail sector. No wonder so many small retailers are having their systems breached these days. It turns out that 22% of them are not PCI DSS compliant.
Furthermore, 14% of companies don’t know if they’re compliant or not. Over half of respondents say they’re unaware of the security breach requirements of the state they’re operating in. 40% don’t have policies in place to make sure the requirements are met.
Strong security practices, such as the ones related to passwords, are often neglected, exposing many organizations to data breaches and regulatory violations.
The lack of proper security measures at many SMBs doesn’t expose their customers only to data breaches in which their personal details are compromised. For instance, 15% of respondents admitted to not enforcing any kind of security policy for the free Wi-Fi they offer to customers.
On the one hand, 60% of small retailers have password protection, which they enforce regularly. The other 40% of organizations don’t require their employees to change their passwords even once a year.
When it comes to data disposal, 29% of organizations don’t have a plan in place for such operations. 59% have a data disposal plan, while 12% are completely unaware of such policies.
As they look to improve their security, 80% of the interviewed organizations say they’d like to see solutions that combine both physical (alarm systems, video cameras) and cyber security (firewall, antivirus) mechanisms.
“This survey was eye-opening for us. Despite looming threats and stiff compliance penalties, more than a fifth of SMB retailers are still not PCI compliant, while many are falling short of security best practices like password safety,” stated Patrick Bedwell, vice president of product marketing for Fortinet.
“The survey also confirmed that — as with larger retailers — SMBs have a strong interest in big-data analytics, as well as standalone products that incorporate both network and physical security capabilities within a single appliance.”