SMBs Waking Up to Data Security Threats

In the past year, small and midsized businesses have performed a rather remarkable about-face when it comes to how they prioritize and budget for security software and services needed to protect both their own and their customers’ most sensitive data.

According to a Symantec (NASDAQ: SYMC) survey of 2,152 executives and IT administrators at companies with between 10 and 499 employees, the majority of SMBs are now making data security their top IT priority compared to just 15 months ago, when the majority admitted they had yet to implement even the most basic data security technologies and policies and more than 33 percent didn’t even have basic antivirus software applications installed.

This sea change in organizational philosophy boils down to a matter of dollars and common sense. Lawmakers are pressing companies of all sizes to take more responsibility for protecting their customers’ data by passing legislation that spells out the minimum security standards they must meet and provides for the assessment of stiff fines for data breaches — accidental or otherwise.

After years of either ignoring or neglecting their security infrastructure, small and midsized businesses are now coming to terms with the fact that it’s more expensive not to invest the money and staff required to keep hackers, phishers and garden-variety cybercrooks at bay.

“Small and mid-sized organizations are facing increased risks to their confidential information — including bank account numbers, credit card information and customer and employee records,” Bernard Laroche, Symantec’s senior director of product marketing, said in the report. “It is exciting to see that SMBs acknowledge the risks they face and are taking action to protect their information more completely.”

But this protection comes at a price: SMBs on average spent $51,000 each on data protection, a figure that’s expected to jump considerably in 2010. Also, about two-thirds of each IT staffer’s day is devoted specifically to security-related issues.

As it turns out, missing or stolen devices like USB drives, smartphones or laptops inflict a disproportionate amount of damage to SMB networks, a fact that makes sense considering most small companies rely exclusively on these devices for day-to-day operations and usually don’t have the financial or IT resources to lock them down or remotely disable them the way a Fortune 500 company can or at least should.

More than two-thirds of executives surveyed said they had lost an iPad or a smartphone in the past year and a full 100 percent said they had at least some devices in their organization that were not password protected and could not be remotely wiped of its data if it were misplaced.

Seventy-four percent of the IT decision makers polled said they were either “somewhat” or “extremely” concerned about losing electronic information — a fear that seems well justified considering that 42 percent of these same execs admitted they had lost confidential or proprietary data in the past year.

These figures are especially concerning when juxtaposed against a recent Javelin Strategy & Research report that found that 11.1 million U.S. adults were the victims of identity theft last year. Consumers and businesses lost a combined $54 billion identity theft last year, up 12 percent from 2008.

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.

Do you have a comment or question about this article or other small business topics in general? Speak out in the Forums. Join the discussion today!

Must Read

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.