Endpoint Security a Concern for Small Businesses

Nearly a quarter of executives said they believe lock down--when functionality of the system is restricted--is not secure.

alertsec and smb security

Businesses overwhelmingly fear that standard security precautions create a false sense of security for laptop and mobile users, according to an Alertsec survey of 1,255 executives at small to mid-size businesses.

More than two-thirds of executives (68 percent) believe auto-saved passwords are not secure and nearly half (48 percent) of executives believe never logging out of user profiles decreases security. Third on their list of top security is the need to have four to six digital passcodes (45 percent).

"As more and more information is stored in the cloud, the endpoint is now the weakest point in the security chain. Small items, such as phones, get lost easier than tablets or laptops," Ebba Blitz, president of Alertsec, told eWEEK. "So, it’s important to educate co-workers on good IT security hygiene. This means to use password locks on all devices. This is not a default setting for phones or tablets, it has to be turned on."

Blitz noted that most work is done from portable laptops, and said a user is extremely vulnerable if someone has physical access to a lost or stolen laptop, unless the device is encrypted.

"A typical user stores usernames and passwords in the browser, which means that if their laptop is hacked, a perpetrator could have full access to all data stored in the cloud," he explained. "A hack is performed with the hard drive either booted to another device or a password generator in the USB port gives the perpetrator the correct entry password. According to the Ponemon Institute, 86,000 laptops are lost each year only in Manhattan."

Nearly a quarter (23 percent) of executives believe lock-down (when functionality of the system is restricted) is not secure, while 16 percent believe that lock-ups (when multiple password attempts fail, causing restrictions) also are insecure.

Respondents said they encrypt because they fear their financial files will be compromised (39 percent), because data breaches are both very damaging (35 percent) and very common (29 percent), and because once you encrypt your work computer, you have to encrypt everything (16 percent).

Just three percent said they encrypt their PC because they fear the government is snooping into their files.

"One thing that surprised us is that 97 percent of executives see encryption as a service as a necessary tool," Blitz said. "We did not realize that the awareness had come this far so quickly. I guess all the recent breaches have spurred this awareness."

He said he was also a bit surprised to learn how few respondents were interested in snooping in others' computers.He noted that just 6 percent said they would take the chance to have a look at Hillary Clinton’s or Donald Trump’s laptop if they found it.

"Maybe this figure will increase as we get closer to the election," he said.