SMBs Playing The Ostrich When It Comes To Security

Small to medium-sized businesses often don’t have the security policies, systems or know-how in place the way their larger enterprise brethren do, and that’s a lurking danger.

So says a new survey by security adviser MessageLabs. In identifying the problem MessageLabs, not surprisingly, says it also has a solution. The company is launching the Small Business Security Clinic and Makeover, a kind of IT security toolkit of resources and education.

SMBs are at greater risk to various forms of malware due to a combination of fewer resources for dealing with the problem and looser security policies.

“I think that’s a consequence of enterprises being under a lot more pressure to implement policies to enforce regulatory compliance. Regulatory compliance inherently makes enterprises more secure,” Paul Wood, senior analyst with MessageLabs, said.

Based on surveys in the U.S. and U.K., MessageLabs concluded the biggest risk of a data breach comes from an unlikely source — junior sales men and women between the ages of 26-35 years old. Not that they do anything deliberately, it’s just that these unlikely villains are multi-taskers, often using multiple applications at once.

“They are quite tech-savvy but not quite aware of the risk that using all of these protocols might introduce. They might be trying to do as much as they can at the same time and not thinking about what they are doing, and a lot of attacks are social engineering-based,” said Wood.

Small businesses might also delude themselves into thinking they are doing enough to mitigate risk, said Wood. He said some businesses also have the perception they are not at risk because they are a small organization.

But that’s wrong. “We’ve seen an increase in targeted attacks on small businesses because they have less security in place,” said Wood. MessageLabs found that only 53 percent of small businesses have the right IT security procedures in place compared to 69 percent of enterprise companies.

The report also looked at the importance of e-mail and spam issues. The study found that almost one-third of businesses would be severely impacted if the Internet went away, but only 14 percent would feel any pain if just e-mail went away. Wood said it reflected the Web as being the engine of e-commerce.

But spam remains a problem. Only 13 percent felt it would stop being a problem, but most see it as more of a nuisance than a threat. Only 10 percent felt it was a threat and have anti-spam measures in place.

The problem, Wood argued, is that spam can overwhelm a company’s servers, and even with spam filters on, they still have to receive it for the spam filter to process it. And often times, spam is the entry point for more insidious attacks, like Trojans. “For a small business, spam could be a silent killer,” he said.

Adapted from

Do you have a comment or question about this article or other small business topics in general? Speak out in the Forums. Join the discussion today!

Must Read

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.