SMBs Suffer from a False Sense of Security

Sept. 5, 2007
Research shows disconnect between perceived and actual levels of security in SMB community

According to independent research released today by Websense, Inc., small and medium-sized businesses (SMBs) fail to take adequate steps to reduce the risk of data loss from Web-based security threats. The SMB State of Security (SOS) survey of 450 IT managers and employees within the United States shows that while 46% of SMB IT managers say they have software to protect company confidential data, 81% do not use software to block the use of peer-to-peer applications, 80% to block USB devices, 76% to control the use of instant messaging, and 47% to stop spyware from sending out information to external sources -- all growing vectors of confidential data loss.

Despite the risk of data loss, 20% of SMBs do not use Internet security software other than firewall and anti-virus products, as they mistakenly feel these are sufficient. Additionally, 12% of IT managers admit that, while they have an Internet usage policy, they have no way of enforcing it.

The study also found that business-owned computers are left vulnerable to security threats for more than 21 days, on average, despite the daily updates promoted and offered by operating system and anti-virus vendors. In fact, only 4% of SMB employees have daily security updates on their work PC, while 11% of employees say the security software on their work PC has never been updated.

On the bright side, 94% of SMBs claim to have an Internet use policy in place, and 67% say that all companies should have equal levels of protection from Internet security threats, irrespective of their size.

Key Findings:

  • Preventing Data Loss: While 46% of IT managers say they have software to protect company confidential data, 81% of SMBs do not use software to block the use of peer-to-peer applications, 80% to block USB devices, 76% to control the use of instant messaging, and 47% to stop spyware from sending out information to external sources.
  • Risky Behavior: IT security managers say the top risks to their business include employees clicking on email links from unknown sources (74%), employees sending company email to the wrong address (53%), and employees accidentally or deliberately accessing adult Web sites (50%). Alarmingly, 73% of SMB employees admit to at least one of these high-risk activities with their work-owned computer, 54% admit more than one, while 27% admit three or more.
  • False Sense of Security: 99% of SMB IT managers feel their company is protected to some degree from exposure to Internet security threats. But only 22% say they feel 100% protected -- meaning 78% do not. Additionally, 20% of SMBs do not use Internet security software other than firewall and anti-virus products, as they mistakenly feel these are sufficient.
  • Window of Exposure: The average length of time that employees have continued to use their work PCs before security is updated is 21.2 days. Only 4% of employees have daily security updates on their work PC, while 11% have never updated security on their work PC.
  • Protection Overconfidence: Confidence levels in IT security are high among SMB employees, with 41% confident that their IT department protects them from every Internet security threat. However, 45% say they have some level of protection but admit they are not sure what is protected. Another 12% of employees say they do not know if their work PC is protected.

To download a free copy of the survey, visit http://www.websense.com/smbsos.
