SMBs are Concerned About Security, Says New Symantec Study


A new study commissioned by Symantec noted that SMBs are quickly waking up to the threat of online attacks and information loss. The 2010 Global SMB Information Protection Survey involved 2,152 small and mid-sized businesses spread across 28 countries and includes stakeholders such as owners, managers, IT staffers and consultants. If anything, its wide scope offers excellent visibility into the kind of concerns that SMBs are face.


In this instance, the cross-industry study concluded that data loss and the threat of cyber attacks has been elevated to one of the top concerns with SMBs, beyond the traditional concerns such as backup and disaster recovery.


Indeed, two-thirds of IT time is now spent on information protection -- areas such as information security, backup and recovery and preparing for disasters -- with the median spending on this pegged at $51,000. This spending can hardly be considered an insubstantial sum for most, since we are talking about organizations with10 to 499 employees.


It's clear though, that SMBs have made improvements in areas such as security software. For example, the report found 92 percent of respondents use anti-malware for endpoint protection. This is in sharp contrast with the 2009 survey in which one-third of SMBs didn't even use antivirus software. In fact, I reported then on how half the SMBs didn't back up their data either.


Bernard Laroche, senior director of product marketing at Symantec said:


"We see SMBs getting very serious about information protection - they're seeing information loss being a real threat to their company and cyber attacks continue to be a menace."


Where the findings of this years' report are concerned, Symantec also noted that:


"It is exciting to see that SMB organizations acknowledge the risks they face and are taking action to protect their information more completely."


Symantec sent me several recommendations, which I summarize below:

  • Educate employees on Internet safety and the latest threats. This training should include regularly changing passwords and protecting mobile devices.
  • Safeguard important business information and ensure that proprietary information such as credit card information, customer data and employee records are kept safe.
  • Implement an effective backup and recovery plan and ensure that business could continue seamlessly regardless of disruptions from natural disasters or system failure.
  • Secure e-mail and Web assets by mitigating spam and e-mail threats


You will find that we've already covered a number of the recommendations made by Symantec on this SMB blog - topics such as backup and disaster recovery, the importance of educating employees, and tools to help protect against data loss due to carelessness and theft. You are very much welcome, though, to let me know if there are specific topics that you would like for me to cover more.


In my next blog, I shall be taking a closer look at some of the other findings of the report.