Small Businesses Lack IT Security

Small businesses' information systems are increasingly vulnerable to attack as more of them deploy increasingly sophisticated IT infrastructure and automate more of their business processes, according to a new survey released today by The Small Business Technology Institute (SBTI) in conjunction with Symantec. "Small businesses are just as likely to experience information security threats and risks as large enterprises, so it's pertinent they have the right resources to protect their critical assets," says Enrique Salem, senior vice president, security products and solutions, of Symantec. "Small Business Information Security Readiness," found that technology adoption by companies with one to 100 employees is growing rapidly--even among one-person, home-based businesses--in areas like networking, mobile computing, and Internet access, but not security. SBTI found many small businesses lack sufficient security control over the most basic systems, like email. Eighteen percent of the 1,024 survey respondents said their email is not secure. Sixty percent said the same about their company's wireless network connections, while 70 percent said they perform no formal information security planning to counter new threats. Small businesses consider information security a priority, but the survey showed they are not increasing their investment in protection to keep pace with the increasing number of threats. The majority of small businesses (56 percent) have experienced at least one security incident in the past year, citing computer viruses, spyware, and other malware as the main cause. Yet only 30 percent have increased spending on information security solutions, and fewer than half (41 percent) say they allocate a specific budget for these solutions. Patrick Cook, chief technology strategist for SBTI and author of the report, contends the issue is coming to the forefront given the increasing number of small businesses that are using more sophisticated IT solutions. "We're at a stage where small businesses are using more and more IT technology," he says. "As the number of smaller companies deploying CRM and other IT-related solutions increase, they need to connect themselves to company networks to do so. That increases the chances of a security incident. And it's not just with hosted models--in-house networks are just as vulnerable." Seventy percent of small businesses said security product materials could be improved to help them make more informed purchasing decisions. Additionally, these businesses feel that an increased number of security products and solutions tailored to meet their specific requirements would help. Cook's advice to small businesses is to make sure employees understand the consequences of an IT security breach. "Small businesses need to understand that as IT investments go up, so do their security investments. Also, management needs to inform employees of the consequences associated with a security incident and quantify the cost of that breach in dollar signs." As for security vendors such as Symantec and McAfee, Cook maintains they "must continue to provide products and services that are tailored specifically to small business needs." Related articles: Canadian Businesses Are Buying IT Security SMBs Are Shopping For ERP and CRM Solutions