The result is a security plan that covers some areas but leaves many others exposed, said Stenovich, a principal at Dallas security solutions provider M&S Technologies.
"Theyre thinking [anti-virus] protection, anti-spam software; not intrusion protection, system backups," Stenovich said. "I feel their pain. Im a small business owner too. They have to prioritize, and they end up with gaps in their protection."
A survey released last month by Quocirca, a United Kingdom-based research company, reveals just how common that dilemma is.
The Quocirca report, "Achieving Best Practice in IT Management for SMEs," which is based on a poll of 241 companies with 1,000 or fewer employees, shows that less than 25 percent of SMBs are fully protected against intrusions and security vulnerabilities; most respondents said they lack the time, money and resources to be fully prepared.
Some highlights of the report include:
- 25 percent of SMBs, even some of the larger companies, lack a dedicated IT staffer.
- 75 percent of companies maintain high-speed Internet connections, but only 25 percent have checked the security of those lines in the last year.
- 30 percent have had their ability to operate affected by computer virus; 20 percent by a worm and 15 percent by a hacker.
- Less than 50 percent maintain any spyware protection.
- Between 40 percent and 80 percent of SMBs back up servers; size seemed to be the greatest indicator of whether a company would back up its servers.
- Less than 20 percent of all companies back up PCs at least once a day, even though thats where most of the work and recent data sits; less than 10 percent of the smallest companies back up PCs at least once per day.
- Industry and geography played no role in network vulnerability.