
SMB Tech

Expert tech insight and advice for small businesses with big goals


Study Shows SMBs Lacking in Security Training

Posted by Paul Mah Oct 29, 2009 5:30:24 AM

The National Cyber Security Alliance (NCSA) and Symantec have released a new co-sponsored study of about 1,500 small and medium-sized businesses across the United States. The SMBs were surveyed on cybersecurity, as well as on their security-related policies and practices.

The results were nothing to write home about, further confirming an earlier study that found SMBs ignore even basic security measures.

Below is a brief snapshot of the survey results.

  • 86 percent do not have a staffer dedicated to IT security.
  • 53 percent check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are updated; 11 percent said they never check at all.
  • 25 percent of the businesses do not ensure password protection for their wireless networks.
  • 66 percent of employees take computers or PDAs containing sensitive information off-site.
  • 72 percent do not have formal Internet security policies.

Perhaps what struck me most was that only 35 percent of SMBs provide training to their employees on Internet safety and security. Even among SMBs that say they offer training, the majority -- 63 percent -- actually offer less than five hours a year. That's just half a typical work day, and we haven't even started nitpicking about the topics covered or the quality of the "security" training yet.

If anything is more incongruous, it is probably the fact that these same SMBs are increasingly handling important information online. In the same study, 65 percent say they store customer-related data on their computer systems, 43 percent store financial records, 33 percent store credit card information, and 20 percent have intellectual property or other proprietary content.

My thinking is this: SMBs cannot possibly keep up this dismal lack of security awareness and not expect to be felled by some major security fiasco down the road. Given the online transactions that SMBs are increasingly engaging in, it is only a matter of "when" and not "if."

So what are some steps that SMBs can take to improve their security posture? I have some ideas, which I will share over the next few posts. In the meantime, I invite you to share your thoughts on this with me.
