Does size matter? When it comes to security, the answer is yes?

Why SMBs face the same security risk as larger businesses. McAfee explains…

By Greg Day, Security Analyst, McAfee International Ltd

Europe’s 19 million small and medium-sized businesses (SMBs) are operating in an increasingly competitive environment. They are becoming more and more reliant on technology to conduct business and remain competitive. As a result cyber criminals are shifting their focus to target SMBs, as illustrated by a recent survey by the GetSafeOnline initiative showing that 44 per cent of SMBs have been attacked.

The result of these attacks can be catastrophic to small businesses. Viruses, hacker intrusions, spyware and spam can result in a number of damaging consequences such as lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation. These types of effects can be damaging to any size business, but in particular an SMB, which has limited technical staff, restricted security budget and fewer backup support options meaning the business could be crippled by any of these attacks.

But worryingly the general consensus among the small business community in Europe is that they are just too small to be of any value to cyber criminals, 56% don't even think they could make cyber criminals money. As well as being naïve about the potential value they can offer to hackers, as many as 90% think they are adequately protected when it comes to IT security. This is a dangerous misconception and SMBs need to understand why they are at risk and how best to protect their business and raise IT security up the companies priority list.

This is of course a huge challenge for SMBs to address. As a security expert McAfee understands that fighting viruses, malicious code and fending off phishing (or even SMSishing) attacks is a full time job. It’s a challenge and it’s difficult to find time in the day to dedicate to this especially when the business is battling with limited resources and budget.

McAfee conducted the ‘Does Size Matter?’ research report to identify to what extent European SMBs are actually at risk and assess how much time and effort is spent on maintaining security protection. The survey found that on average SMBs have just one hour a week to dedicate to IT security. Whilst this is understandable with the challenges that smaller businesses have to face something needs to be done to address this balance.

It is unrealistic to expect small businesses to re-direct huge amounts of budget or time into the area of IT security so how best can SMBs address this issue? Firstly it is important to implement the right technology. It can be a confusing process navigating the security product landscape but by implementing a managed security product, SMBs have that pressure removed and can be confident they are receiving the right protection.

Secondly, as well as implementing the right technology there are a number of steps that SMBs can take in terms of education to ensure the business remains protected and truly does go under the radar of cyber criminals. These range from deleting emails from unknown sources, not opening attachments, as well as backing up files and keeping sensitive information such as credit card details protected. Education is key and can go a long way in terms of minimising risk.

The research proves that SMBs are as much at risk as larger enterprises and it is important for business leaders to be made aware now so steps can be put in place before the business is lost as a result of an attack. Hackers can make money out of any size business and as SMBs increasingly become digitalised and dependent on technology, this will become an even bigger problem.

Tips for protecting your systems from hackers and viruses:
1. Never open email attachments or download files from unknown sources
2. Beware of unknown emails with vague subject lines e.g. “document” or “re:document” – they could be a virus. Avoid opening email attachments when the subject line is suspicious even if it appears to come from a friend or someone you know. When downloading files from the Internet, make sure that the source is a legitimate and reputable one
3. Delete chain emails and junk email. Do not forward or reply to any to them. These types of email are considered spam, unsolicited mail that may contain viruses
4. Keep your anti-virus updated. There are over 80,000 known viruses and 500 new ones appear every month. Use anti-virus software and services that regularly update current virus information and its scanning engine
5. Back up your files. A virus can destroy your files. Make sure you backup your files regularly and keep your back up copy in a separate location from your work files, preferably not on your PC hard drive
6. Ensure your computer’s operating system is up to date by visiting the manufacturer’s website (e.g. Microsoft)
7. Never enter your credit card or password details unless you are sure the site is real / protected

McAfee International Ltd is exhibiting at Infosecurity Europe 2009, Europe’s number one dedicated Information security event. Now in its 14th year, the show continues to provide an unrivalled education programme, the most diverse range of new products & services from over 300 exhibitors and 12,000 visitors from every segment of the industry. Held on the 28th – 30th April 2009 in Earls Court, London this is a must attend event for all professionals involved in Information Security.