SMEs focus too much on external threats

(22/04/2009)

According to GFI Software's SME Security Report, whilst the basics of IT security have been implemented widely (96% have installed anti-virus, 85% possess anti-spam measures and 92% assign user passwords), only a worryingly low 45% of respondents have any form of portable storage device network access management measures in place.

Walter Scott, CEO of GFI Software, comments, “Too much emphasis has historically been placed upon the need for anti-virus and anti-spam applications – external threats – and this has led to the common belief that with these, your network is secure enough. A secure network depends on many other factors and, unfortunately, the internal threat is far too often being ignored. There is a pervasive indifference towards monitoring the whereabouts of data and its ability to accessed or copied.”

Scott continues, “Endpoint security is absolutely critical even in the best financial times, but with the economy prompting more and more redundancies, there are more disgruntled employees who pose a potential risk to an organisation’s data. Network administrators must pay more attention to access rights holders’ ability to copy, edit, delete or distribute data – this need is long overdue and is only more essential in current times.”

While financial, contact, R&D and contract information is typically held on the network, 21% of respondents are unable to track where on the network any of this data is available from. This business-critical data is further at risk as written security policies to govern the use of mobile storage devices are held by only 40% of UK SMEs and of these, employees in only 25% of organisations are required to sign them to confirm adherence.

Scott concludes, “Security risks should not be their only concern. We must not forget the cost in terms of loss of productivity. Many companies do not realise how much time is lost when employees are connecting personal devices to the network, browsing the internet for non work-related material, checking their email, downloading files, and so on. If companies were to have the tools to help them understand the economics and financial costs of unmonitored internet and portable device use, I am certain that they would look at security and data in a totally different way.”

Related topics:  Authentication and identity management   Computer and PC Security   Data management and data security   Hacking and intrusion prevention   Security management and policies   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources