The security company polled 100 SMBs in the United States and found that 22 per cent of respondents were not PCI DSS compliant, while another 14 per cent were not sure if they were PCI compliant.
The study also showed that many SMBs do not enforce strong security practices, such as password security, which leaves them open to cyber attacks, data breaches, and regulatory violations.
Other issues that cropped up in the survey include a lack of security for free Wi-Fi services in stores, failure to enforce staff password changes at least once per year, and inadequate policies for disposal of sensitive data.
“This survey was eye-opening for us. Despite looming threats and stiff compliance penalties, more than a fifth of SMB retailers are still not PCI compliant, while many are falling short of security best practices like password safety,” said Patrick Bedwell, VP, product marketing, Fortinet.
To address these issues, retailers are increasingly asking for solutions that will streamline their security needs. Eighty per cent of respondents said they would like to see multiple security solutions, such as video cameras, DVRs, and alarm systems, housed in a single device.
As for security management, 53 per cent of retailers polled said they are managing their own security systems on site, while 18 per cent said they are relying on a third-party managed security services provider (MSSP). Twenty-nine per cent specified that they currently manage their own security, but are looking at enlisting the help of an MSSP in the future.