News

Survey Focuses on Security Deficiencies at Small and Midsize Business

Guest access, mobile users, out-of-date software protection highlighted

• By James E. Powell
• 12/03/2008

A new survey of 200 small and midsize enterprises conducted by Napera Networks highlights how ill-prepared to meet security challenges these organizations are. For example, Napera found that 70 percent of SMEs will begin the new year with networks that are at risk of security breach. For example, over half of survey respondents said they either do not have the policies and practices needed to protect them or cannot enforce security policies they have. In fact, most of these companies are dangerously unaware of the threats that can effect mobile workers and mobile devices (such as laptops).

Keeping systems protected from the latest security threats is key to protecting the enterprises assets, but the survey found that many users are not taking the time to download updates to protect their systems from attacks. Worse, more than half of the respondents said networked computers didn’t have the latest OS updates and had no way of knowing whether the computers were, in fact, being updated. There’s a great deal of naïveté about current operations. According to Napera, “the majority believed all laptops had updated anti-malware solutions activated, [but] a large percentage did not have them activated or have no way of checking to see if they are actually enabled or updated.

Other threats from external sources were also highlighted by the survey results. For example, Napera notes that “many companies still do not have set policies or a secure way to manage or control guest access to the Internet, even though customers, contractors or other partners often need access for business purposes.”

Asked how companies handle access to the Internet by guests visiting their office, one in five respondents said they allow guests to directly connect to the network without first performing any security checks. In addition, one in eight respondents say guests can connect their printers to the company’s network. More than half of companies say they grant guest access every day.

Napera notes that “Wi-Fi security represented one of the highest risk categories.” Eighty percent of respondents have Wi-Fi access points on their network, but only one quarter (26 percent) use WPA Enterprise (which uses individual passwords and provides the strongest encryption and security). In addition, 46 percent said access was possible using a single, shared password, and 6 percent use no encryption whatsoever.

Another threat explored by the survey comes from mobile workers and the devices they use. Nearly half (49 percent) of respondents said that at least one-fifth of their staff work remotely, yet two-thirds of respondents don’t make sure mobile users or computers comply with security protocols before allowing them to connect to the network. Only slightly more than a quarter of companies (29 percent) make sure computers have been updated with the latest security software before traveling or remote employees can reconnect to their network upon returning to their office.

What respondents know is that they don’t always know how secure their environment is. According to Napera, “fifty-seven percent of respondents indicated they are only somewhat confident or not confident in the state of every endpoint that connects to their network, while 42 percent said their company does not have a clear security policy governing endpoint security.”