SMBs Put Information Protection at Top of IT Priority List -- Finally

The just-released 2010 Global SMB Information Protection Survey from Symantec shows that small and midsize firms (those with between 10 and 499 employees) have put "protecting information" at the top of their IT priority list. It's about time.

According to Bernard Laroche, senior director of product marketing at Symantec, this finding is in sharp contrast to conditions 15 months ago, when “a Symantec survey found one-third of SMBs did not have the most basic protection of all -- antivirus protection."

Yikes!

"It is exciting to see that SMBs acknowledge the risks they face and are taking action to protect their information more completely, Laroche adds. No doubt.

The survey of 2,152 SMB executives and IT decision makers from 28 countries was conducted in May. Symantec says the enterprises surveyed report a "heightened interest and increased investment in information protection." The respondents put data loss and cyber attacks at the top of their "business risks" list, beating out traditional criminal activity, natural disasters, and terrorism.

Companies are putting their staff's time (and a part of their budget) where their mouths are. Symantec says SMBs spend $51,000 a year on average on information protection, and two thirds of IT staff time is spent on such areas as "computer security, backup, recovery and archiving as well as disaster preparedness."

There's other good news: 87 percent say they have a disaster preparedness plan in place. Unfortunately, less than one-quarter of these firms (23 percent) say their play is "pretty good" or "excellent."

The rise in attention may be due to what SMBs have experienced: 42 percent have at some time lost confidential or proprietary information, 73 percent were cyber-attack victims themselves in the past year (30 percent of those attacks were rated as somewhat or extremely successful). All reported losses, including "expensive downtime, loss of important corporate data, as well as personally identifiable information of customers or employees." .It's no surprise, then, that 74 percent say they are somewhat or extremely concerned about losing electronic information.

Among the key concerns: loss of physical devices. Almost two in three respondents say they have lost laptops, smartphones, or tablet devices (such as iPads) in the last year. What's worrisome is that 100 percent report that they have at least "some devices that have no password protection and cannot be remotely wiped of their data to protect their confidential business information if lost."

Their survey announcement includes these four recommendations:

Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security, and the latest threats. Part of the training should focus on the importance of regularly changing passwords and protecting mobile devices.

Safeguard important business information: SMBs are facing increased risks to their confidential information so safeguarding this data is critical. One data breach could mean financial ruin for an SMB. Implement a complete protection solution to ensure proprietary information -- whether its credit card information, customer data or employee records -- is safe.

Implement an effective backup and recovery plan: Protecting information is more than implementing an antivirus solution. Backup and recovery is a critical component of complete information protection to keep SMBs’ desktops, servers and applications running smoothly in case of disruption -- whether it’s a flood, an earthquake, a virus, or a system failure. One outage could mean customer dissatisfaction and costly downtime, which could be catastrophic to the business.

Secure e-mail and Web assets: Select a mail and Web security solution that can help mitigate spam and e-mail threats so SMBs can protect sensitive information and spend more time on day-to-day activities. Spammers and phishers will use current events and social engineering tactics to get users to give up personal information such as credit card and banking information.

You can access the report in PDF form http://www.symantec.com/content/en/us/about/media/pdfs/SMB_ProtectionSurvey_2010.pdf?om_ext_cid=biz_socmed_twitter_2010Jun_worldwide_SMB here. No registration is required.

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 06/22/2010