Policy Is Important in SMB Security Strategies

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

One area in which SMBs will boost their IT budgets in the near future is in security, according to AMI-Partners. The firm expects SMB security spending to clock double-digit annual growth rates for the next few years.


The increases may be just in time, judging by results of some recent surveys.


MessageLabs found that just 53 percent of SMBs in the U.S. and UK have appropriate security measures in place, vs. 69 percent of their larger counterparts. A MessageLabs analyst quoted in a recent internetnews.com story says that fraudsters are all too aware of this, and have begun targeting SMBs to capitalize on their relative lack of security.


Twenty-five percent of SMB executives surveyed by CIO Insight said their companies are not adequately protected against viruses, Trojans, worms and hackers. (CIO Insight defines SMBs as companies with annual revenues of less than $500 million.)


Like AMI-Partners, CIO Insight found that SMBs plan to increase their security spending, by about 8 percent. That may not be enough to get the job done, however.


Compared to bigger businesses, SMBs are less likely to have effective security policies or to get employees to follow existing policies. For example, CIO Insight found that just six in 10 SMBs have a strong policy for how to deal with e-mail attachments, a well-known conduit for viruses.


Companies of all sizes should take their security policies seriously, said The Advisory Council's Beth Cohen in an IT Business Edge interview. She stresses the importance of educating employees, noting that, "You can throw technology at a problem, but if users don't understand the issue, (criminals) can still get around technology."


Establishing such policies is just one of five pieces of advice offered by security vendor Sophos in a recent CNNMoney.com article. Sophos also recommends using antivirus software on all desktops and servers, filtering e-mail, protecting all PCs with firewalls and regularly backing up data.