This shift makes sense as SMBs are facing increased threats from cyber attacks, lost devices and loss of confidential or proprietary data. The survey is based on responses from 2,152 SMB executives and IT decision makers in 28 countries in May 2010.
SMBs surveyed showed a heightened interest and increased investment in information protection. They rank data loss and cyber attacks as their top business risks, ahead of traditional criminal activity, natural disasters and terrorism. SMBs are now spending an average of $51,000 a year, and two thirds of IT staff time working on information protection, including computer security, backup, recovery and archiving as well as disaster preparedness. Eighty-seven percent of SMBs have a disaster preparedness plan, but there is still work to be done as only 23 percent rate their plan pretty good/excellent.
Loss of critical business information threatens SMBs. Seventy-four percent of SMBs surveyed are somewhat/extremely concerned about losing electronic information. In fact, 42 percent have lost confidential or proprietary information in the past. As a result, 100 percent of companies who have lost data have seen direct losses such as lost revenue or direct financial costs such as money or goods.
One of the main issues for SMBs is lost devices. Almost two-thirds of businesses polled have lost devices such as laptops, smartphones or iPads in the past 12 months. One-hundred percent have at least some devices that have no password protection and cannot be remotely wiped of their data to protect their confidential business information if lost.
Cyber attacks are a crucial threat to SMBs. Seventy-three percent of the respondents were victims of cyber attacks in the past year. Thirty percent of those attacks were deemed somewhat/extremely successful. One-hundred percent of SMBs saw losses such as expensive downtime, loss of important corporate data as well as personally identifiable information of customers or employees. These losses led to direct costs for all respondents such as lost productivity, lost revenue and loss of customer trust.
Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security, and the latest threats. Part of the training should focus on the importance of regularly changing passwords and protecting mobile devices.
Safeguard important business information: SMBs are facing increased risks to their confidential information so safeguarding this data is critical. One data breach could mean financial ruin for an SMB. Implement a complete protection solution to ensure proprietary information—whether its credit card information, customer data or employee records—is safe.
Implement an effective backup and recovery plan: Protecting information is more than implementing an antivirus solution. Backup and recovery is a critical component of complete information protection to keep SMBs’ desktops, servers and applications running smoothly in case of disruption—whether it’s a flood, an earthquake, a virus or a system failure. One outage could mean customer dissatisfaction and costly downtime, which could be catastrophic to the business.
Secure email and web assets: Select a mail and Web security solution that can help mitigate spam and email threats so SMBs can protect sensitive information and spend more time on day-to-day activities. Spammers and phishers will use current events and social engineering tactics to get users to give up personal information such as credit card and banking information.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.