40 percent of small and medium-sized businesses have suffered a security breach due to unsafe web surfing, and nearly one-third still do not have a policy to govern the use of social networking sites, say the results of a recent GFI survey of 200 U.S.-based IT decision makers.

Interestingly, the results also show that even in the face of such infections, a majority of web monitoring software users do not cite defense of their network as the main driver for deploying such a solution.

24 percent of all respondents use it mainly to ensure employee productivity; 13.5 percent to conserve network bandwidth and speed; and 11.5 percent to prevent employees from visiting inappropriate sites. 11.5 percent of all respondents do not use web monitoring or filtering software at all.

Key findings from the survey include:

• Two in five SMBs know with certainty that they have suffered some sort of security breach as a result of employees navigating to websites that host malware, infected downloads or have been corrupted by malicious code.
• 55% of SMBs that use a web monitoring solution indicate that defense against infected websites is not their main priority
• 70% of those not using web monitoring or filtering software claim that web use is not a problem in their organization.
• Nearly one in three (27.5%) of SMBs do not have a policy in place to govern employee use of social networking sites such as Facebook and Twitter.
• 16% of SMBs have a social networking use policy, but have no way of monitoring whether employees are adhering to it.
• 42.5% of respondents do not have a solution in place that measures the safeness of a given website based on a rating of its reputation, but 27% say this is a capability they would be interested in.

“The survey results indicate a lack of awareness about the full capabilities of web monitoring software and how these solutions are evolving into critical components of effective SMB network security practices,” said Phil Bousfield, general manager of the Infrastructure Business Unit at GFI. “Protecting the network from malicious websites and downloads should be a top priority for IT managers in addition to concerns over employee productivity and bandwidth management."

"Web monitoring solutions that equip IT administrators with an additional layer of network defense against online threats and provide employees with the tools they need to make better, safer decisions while online go a long way in helping SMBs balance the benefits of Internet access with the risks it creates.”