Small Businesses Weak Against Common IT Threats

Paul Mah

CDW Corporation released its 2009 Report on Small Business Resilience last month. This report was based on a survey of 613 small businesses around the country, and examined various issues such as how SMBs are responding to the economic recession, as well as factors that contribute to what is termed "business survivability."


To get a better understanding of the facts, I pored through the report and took a closer look at the demographics of the surveyed companies. According to the data, half of these companies had fewer than 20 employees, while the other half have 20 to 99 employees. Despite their smaller sizes, these companies are no just-started-yesterday establishments. Indeed, just over 80 percent of the surveyed businesses have been in business for at least five years (64 percent have been in business for more than 10 years), which I believe allows the study to portray an accurate picture of the average small business.


The following findings caught my attention:


  • 20 percent do not have anti-virus software suites.
  • 71 percent do not use any Web filtering.
  • 37 percent have no company-wide spam filtering on the e-mail server.
  • 61 percent have no enforced policies regarding downloading software and apps.


These are IT threats that any IT professional worth their salt would not have delayed in addressing. Probably related to the dismal numbers when it comes to protecting themselves against common security threats, 55 percent of those small companies with a company-wide network do not have regular IT support. Further compounding the issue, though, is the fact that a mere 46 percent even have a business continuity (BC) or disaster recovery (DR) plan.


In a way, the above findings are not surprising when taken in context of an earlier study by the National Cyber Security Alliance (NCSA) and Symantec, in which 1,500 SMBs across the United States were surveyed. While the focus of both reports was different, it is clear when looking at them that small businesses as a whole are by far the weaker party when it comes to the area of IT security.


This is a situation that is unlikely to be rectified overnight, unfortunately. What is clear to me, though, is that business owners and IT managers would be well served if they were to spend a bigger slice of their budget and efforts in securing their small businesses. Alternatively, small businesses can get an external service provider or consultant who can manage or advise on areas of their IT such as security, DR and BC.


You can download the full Report on Small Business Resilience from CDW's site.

Add Comment      Leave a comment on this blog post
Dec 22, 2009 1:45 AM Andrew P Moore Andrew P Moore  says:

We have found that the MSP and VAR space is lacking in a unified approach to security and even fewer firms are selling Defense in Depth.  Many companies are mitigating their risk by keeping their eyes closed.  I just met with a partner for another MSP saying that the security infrastructure is ripe for the taking in the SMB space-  but the right approach must be gathered. 

Using MX Logix or Postini in combination with a proven AV solution on the desktops, servers and email servers can mitigate most risks.  With an increase in Malware infections, there is a need to address unified ant-spyware on the PCS and drive content flittering on firewalls using deep packet inspection.  Sonciwalls and Trend or AVG are good cost effective solutions to implement Defense in Depth. 


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.