SMBs Playing The Ostrich When It Comes To Security

Small to medium-sized businesses  often don’t have the security policies, systems or know-how in place of their larger enterprise brethren, and that’s a lurking danger.

So says a new survey by security advisor MessageLabs. In identifying the problem MessageLabs, not surprisingly, says it also has a solution. The company is launching the Small Business Security Clinic and Makeover, a kind of IT security toolkit of resources and education.

SMBs are at greater risk to various forms of malware  due to a combination of less resources for dealing with the problem, but also policies are looser.

“I think that’s a consequence of enterprises being under a lot more pressure to implement policies to enforce regulatory compliance. Regulatory compliance inherently makes enterprises more secure,” Paul Wood, senior analyst with MessageLabs, told internetnews.com.

Based on surveys in the US and UK, MessageLabs concluded the biggest threat to cause a data breach comes from an unlikely source — junior sales men and women between the ages of 26-35 years old. Not that they do anything bad, it’s just that these unlikely villains are multitaskers, often using multiple applications at once.

“They are quite tech-savvy but not quite aware of the risk that using all of these protocols might introduce. They might be trying to do as much as they can at the same time and not thinking about what they are doing, and a lot of attacks are social engineering-based,” said Wood.

Small businesses might also be deluding themselves into thinking they are doing enough to mitigate risk, said Wood. He also said some businesses also have the perception they are not at risk because they are a small organization.

But that’s wrong. “We’ve seen an increase in targeted attacks on small businesses because they have less security in place,” said Wood. MessageLabs found that only 53 percent of small businesses have the right IT security procedures in place compared to 69 percent of enterprise companies.

The report also looked at the importance of e-mail and spam issues. The study found that almost one-third of businesses would be severely impacted if the Internet went away, but only 14 percent would feel any pain if just e-mail went away. Wood said it reflected the Web as being the engine of e-commerce.

But spam remains a problem. Only 13 percent felt it would stop being a problem, but most see it as more of a nuisance than a threat. Only 10 percent felt it was a threat and have anti-spam measures in place.

The problem, Wood argued, is that spam can overwhelm a company’s servers, and even with spam filters on, they still have to receive it for the spam filter to process it. And often times, spam is the entry point for more insidious attacks, like Trojans. “For a small business, spam could be a silent killer,” he said.