Security By the Numbers

If you’re the person responsible for keeping your small business safe from Internet attacks, you face an endless task worthy of Sisyphus himself. Ever-changing threats, tight budgets and employees who inadvertently introduce security problems into the company network can challenge even the most experienced IT guru.

WebSense, a Web and desktop security software company, commissioned a survey of 450 small business IT managers by Dynamic Markets Limited, an independent research company. The study found that many small businesses have significant gaps in their security, a disconnect between imagined and actual levels of protection, and IT managers who live in constant fear for their jobs.

According to the survey, small businesses rely on three main forms of Internet security: spyware (53 percent), software to protect confidential data (46 percent) and content filtering (40 percent). Eighty-one percent of those polled said that they lack the software to block peer-to-peer applications such as Instant Messaging (IM).

Participants also said they lacked the means to protect against data loss through iPods or USB flash drives (80 percent), IM (76 percent) and IM attachments (67 percent). And 64 percent of respondents said they are not protected against phishing attacks.

Dean Coza, the director of product management at WebSense, said that a majority of IT mangers polled in the study live in fear of losing their jobs. “Sixty-nine percent of them said that a virus attack, spyware infestation, company data leak or employees viewing adult content at work – any of these activities could get them fired.”

The study revealed three issues that frustrate small business IT managers the most: budget constraints (40 percent), lack of time to deal with security issues (35 percent) and employee behavior (33 percent).

The Employee Factor
The survey also showed that the IT managers top concerns included the risky behavior of company employees and a lack of budget to protect them. “Overconfidence and disdain for the security polices in place is a common problem with small businesses,” said Coza.

Things that keep the IT managers awake at night:

• 74 percent worry that employees will click on a link in e-mail from an unknown source
  
• 48 percent believe employees are actually doing so
  
• 43 percent said that employees send work documents to their personal e-mail accounts

“In a big corporation,” Coza said, “a trusted employee could be working hard at home, but still put the company at risk. Small businesses are exposed to the same risk, but the employees are often overconfident or unaware of that risk.”

Establishing a company-wide security policy is one way to help educate employees and keep them aware of the various threats and their individual responsibilities to the company. The survey showed that 94 percent of mid-sized companies claim to have such a policy in place, 42 percent issue a paper policy and have employees sign it, and 45 percent enforce the policy by automating content filtering employees’ Internet access.

When it comes to security, there’s no silver bullet, Coza said. If managers don’t have the time they need and employees engage in risky online behavior, then technology can help. “Smaller organizations need more technology and automation because they have less time and money than larger companies,” said Coza.

Lauren Simonds is the managing editor of SmallBusinessComputing.com