Fred Mitchell, Symantec Business Unit Manager at distributor Drive Control Corporation (DCC)
Small and medium businesses (SMBs) make up a large proportion of the South African business landscape and as such contribute much to the economy of the country. However, a recent survey conducted by Symantec shows an alarming trend among these businesses, that many of them are subject to serious information security vulnerabilities.
Among the results from the survey included the finding that while security and data protection are top priorities for SMBs, many of these organisations fail to act on these concerns and as a result there is a gap between desired and actual levels of information security. Cited reasons for this included budgets, staffing and time constraints.
Because of the prevalence of SMBs and their importance to economic recovery, this issue is cause for concern and security needs to be improved within these businesses. As with larger organisations, SMBs need to protect their organisations from a variety of information and security concerns, including viruses, spam, data breaches, phishing, network security, loss of data via email, USB and other devices and even insider attacks. And the truth is most organisations are well aware of this need.
Most SMBs understand that they need to protect their information as a matter of priority, by implementing solutions for the backup and recovery of data, archiving of data and emails as well as disaster recovery planning and strategy.
This shows that there is a clear understanding of the business risks that affect these organisations the most, however there appears to be again a gap between comprehending the concerns and risks and actually reducing these concerns and risks by implementing appropriate solutions to protect the business.
According to the organisations surveyed, despite an awareness of the risks faced and the knowledge of how to mitigate this risk, a frightening number of SMB organisations do not even have basic systems in place to protect business information.
Many organisations have no protection against viruses or spam, which is the most basic level of protection and without which organisations are needlessly exposed to a host of malicious attacks on a daily basis, through email or even just browsing the web. Even if these securities are in place, others have only half measure protection in place, such as backup and recovery of servers but not desktops and laptops, or antivirus software that does not include mobile devices connected to the network.
Another issue is that most SMB organisations do not have a dedicated IT staff member, and budgets for IT security and storage are typically very low. This means that while the business is trying to grow by taking advantage of outside opportunities, the internal risks they are taking by not having adequate security in place are often ignored.
While protecting the organisation from threat seems to fall by the wayside in a lot of cases, the consequences of not having adequate protection can be extreme, including lost sales, lost customers and severe disruptions to business which can actually shut the organisation down if care is not taken.
Causes of breaches in security and data protection run the gamut from system breakdowns and hardware failure to lost or stolen devices, human error, loss or theft of backup tapes, out-of-date security systems, natural or onsite disasters, deliberate sabotage, improper security procedures and a lack of education around security.
In order to mitigate risk from these occurrences, simple, cost effective protection measures can be put into place to ensure that when things do go wrong, the business does not collapse under the strain. Firstly, staying informed should be a top priority. Information is free and staying aware of trends in security and threats can help organisations to understand how best to defend against them.
Next, backing up data is vitally important. Even though it may be tedious and time consuming it is a vital aspect of security to protect against disaster, hardware failure and the like. Internal policies and controls can also go a long way towards improving security from the inside out. Physical security can also not be forgotten, simple things like locking doors and having alarm systems in place can prevent devices from being stolen.
Finally, consider implementing a system from a leading data protection and security solutions provider, such as Symantec. Using a solution from a reputable provider, such as the Symantec Protection Suite, provides comprehensive protection for any SMB, across laptops, servers, messaging gateways as well as backup and recovery environments.
These solutions are designed specifically for the needs of the SMB, scaled and priced accordingly, and can help defend against new malware and spam threats while allowing for the backup and recovery of computers and information in the event of a problem.