SMBs Suffer from a False Sense of Security

Sept. 5, 2007
Research shows disconnect between perceived and actual levels of security in SMB community

According to independent research released today by Websense, Inc., small and medium sized businesses (SMBs) fail to take adequate steps to reduce the risk of data loss from Web-based security threats. The SMB State of Security (SOS) survey of 450 IT managers and employees within the United States shows that while 46% of SMB IT managers say they have software to protect company confidential data, 81% do not use software to block the use of peer-to-peer applications, block USB devices (80%), control the use of instant messaging (76%), or stop spyware from sending out information to external sources (47%) -- all growing vectors of confidential data loss.

Despite the risk of data loss, 20% of SMBs do not use Internet security software other than firewall and anti-virus products, as they mistakenly feel these are sufficient. Additionally, 12% of IT managers admit, while they have an Internet usage policy, they have no way of enforcing it.

The study also found that business-owned computers are left vulnerable to security threats for more than 21 days, on average, despite the daily updates promoted and offered by operating system and anti-virus vendors. In fact, only 4% of SMB employees have daily security updates on their work PC, while 11% of employees say the security software on their work PC has never been updated.

On the bright side, 94% of SMBs claim to have an Internet use policy in place, and 67% say that all companies should have equal levels of protection from Internet security threats, irrespective of their size.

Key Findings:

  • Preventing Data Loss: While 46% of IT managers say they have software to protect company confidential data, 81% of SMBs do not use software to block the use of peer-to-peer applications, block USB devices (80%), control the use of instant messaging (76%), or stop spyware from sending out information to external sources (47%).
  • Risky Behavior: IT security managers say the top risks to their business include employees clicking on email links from unknown sources (74%), employees sending company email to the wrong address (53%), and employees accidentally or deliberately accessing adult Web sites (50%). Alarmingly, 73% of SMB employees admit to at least one of these high-risk activities with their work-owned computer, 54% admit more than one, while 27% admit three or more.
  • False Sense of Security: 99% of SMB IT managers feel their company is protected to some degree from exposure to Internet security threats. But only 22% say they feel 100% protected -- meaning 78% do not. Additionally, 20% of SMBs do not use Internet security software other than firewall and anti-virus products, as they mistakenly feel these are sufficient.
  • Window of Exposure: The average length of time that employees have continued to use their work PCs before security is updated is 21.2 days. Only 4% of employees have daily security updates on their work PC, while 11% have never updated security on their work PC.
  • Protection Overconfidence: Confidence levels in IT security are high among SMB employees, with 41% confident that their IT department protects them from every Internet security threat. However, 45% say they have some level of protection but admit they are not sure what is protected. Another 12% of employees say they do not know if their work PC is protected.

To download a free copy of the survey, visit http://www.websense.com/smbsos.

Interested in information related to this topic? Subscribe to our twice-monthly Information Technology eNewsletter.
About the Author

Brad Kenney | Chief Marketing Officer

Brad Kenney is the former Technology Editor of IndustryWeek and now serves as director of the mobile/social platforms practice at R/GA, a global marketing/advertising firm in New York City.

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!