Survey: SMBs Aren't Doing Enough to Protect Data

By Larry Barrett
  • Print Article
  • Email Article

Small and midsized businesses are being targeted by hackers at a much higher rate than their enterprise counterparts, yet almost half of SMBs admit they're not using the latest and most comprehensive security software applications on the market. And some aren’t using any kind of security software at all.

The findings were disclosed in security software vendor Panda Security's second annual International Barometer of Security report (PDF format), which polled a total of 10,000 SMBs around the world, including more than 1,500 based in the U.S.

Despite greater awareness of cyber threats in general and some states' commitment to holding small and midsized businesses accountable for their security failings, 46 percent of U.S.-based companies have been victimized by cyber crooks this year, up 2 percent from last year.

"Many SMBs simply don’t have the resources in terms of budget, time and human capital to devote to protecting their computers and sensitive data," Sean-Paul Correll, a threat researcher at PandaLabs, said in a statement. "The study results are proof that IT service providers and vendors have an important role to play in educating small businesses on threats, and helping them determine the best way to protect themselves."

The survey found that 36 percent of companies use free security offerings but balk at forking over monthly subscription fees once the trial offer ends or when updated versions are made available.

In fact, 31 percent of businesses admitted they weren't using antispam applications and another 23 percent eschewed antispyware apps. A stunning 15 percent of those surveyed said they didn't even bother to have a firewall.

More than half of the 13 percent of companies that have no security apps at all said they didn't make the investment because they viewed it as unimportant or unnecessary.

It's this cavalier attitude toward protecting customer data that compelled lawmakers in three states to pass legislation that forces SMBs to repay banks for certain charges and damages for failing to implement minimal security measures to safeguard their customers' personal information.

"Even though we highly recommend free security software ... to consumers, the free software available on the market is not sufficient to secure even smaller corporate networks from all sides," Correll said. "SMBs should invest in security solutions that protect their servers and network communications, and include advanced security features such as centralized and policy-based management."

U.S.-based SMBs cited the Internet and external memory devices as the top ways in which their computers were infected (32 percent), followed by email (21 percent) and downloads/P2P infections (14 percent).

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

This article was originally published on August 27, 2010
Thanks for your registration