Symantec just released "Cybersecurity Report on Small Businesses: Study Shows Gap between Needs and Actions."
The title kind of says it all, doesn't it?
The study was an online survey of small businesses and found that while most businesses rely heavily on the Internet and handle a good deal of personal and sensitive data, information security is lagging. Whether it is due to lack of resources for technology and/or staff or because the companies haven't developed a security policy, the report showed there is a great disparity in what companies should be doing and what they actually are doing.
Instituting a security plan might sound more daunting than it actually is. As the report stated:
It doesn't take much time or money for a small business to reduce security risks substantially. Security awareness is the first essential step, based on clear policies and followed by implementation of automated technologies to protect critical business information against a growing array of internal and external threats.
My colleague Paul Mah provided an excellent checklist of the security processes that SMBs should have in place. Nothing is extravagant or out of the ordinary; all are very easy to implement (such as making sure anyone using Internet Explorer is upgraded to the most recent release and not using IE6) or are common-sense business practices (backup and data recovery systems).