It is estimated that nearly 90 percent of all data breaches involve insider negligence, yet the results of survey announced by GFI Software revealed that nearly half of SMBs underestimate the impact uncontrolled access to the Internet can have on their organization – in terms of network security, productivity levels and HR.
The survey showed that although the majority of SMBs (61%) have security policies in place regarding Internet use, far fewer have the means to monitor and/or filter the HTTP traffic: Less than half (47%) say they have the means to do so. However, 15% of SMBs do indicate they are considering adding monitoring and/or filtering capabilities, and an additional 5% said implementation is planned.
“The results pose an interesting question that SMBs should be asking themselves: “If half are monitoring Internet activity in the business, why aren’t I?’,” said Walter Scott, CEO of GFI Software. Nearly half of those surveyed are lagging their peers and this indicates that they are not aware of the risks that come with uncontrolled Internet access. It is not a case of “big brother’ but rather one of “keeping alert’ and being “prepared’. With monitoring in place, management has a front-line view of Internet activity in the company.”
Of those using Web filtering software, the majority (67%) said they use it for security against virus and malware downloads, 55% to prevent illegal and/or unacceptable Web browsing and only 36% to monitor employee browsing activity.
According to the survey, the IT security threats that most concern SMBs are accidental data corruption, malware attacks and external. Fifty-one percent (51%) said that they are concerned about Web-borne malware. However, only 9% said they are concerned about internal threats. The threat posed by employees leaving the company with confidential data was of concern to only 26%, the lowest rated.
Email compliance and eDiscovery appear to be low on the list of priorities for many of the respondents. When asked if they have rules or policies governing the storage and/or retention of emails, 63% said they did not have any rules stating where emails should be stored, however of those 18% said they were planning to do so. On the other hand, 66 per cent of respondents do not have email retention rules (20% say they are planning to do so).
Scott concludes, “Once again, we see SMBs either ignoring or unaware of the implications of their actions. Compliance is a major issue in the US and the penalties for non-compliance can be crippling for a business, however, it is surprising, even shocking that SMBs do not have procedures in place to regulate where emails are stored and for how long. Businesses are taking too long to catch up. They need to be proactive because their business could be at stake.”