Study: SMBs Overconfident in IT Security

According to Websense, SMBs fail to take adequate steps to reduce the risk off data loss from Web-based security threats

SAN DIEGO -- According to independent research released today by Websense, Inc. (NASDAQ: WBSN), small and medium sized businesses (SMBs) fail to take adequate steps to reduce the risk off data loss from Web-based security threats. The SMB State of Security (SOS) survey of 450 IT managers and employees within the United States shows that while 46 percent of SMB IT managers say they have software to protect company confidential data, 81 percent do not use software to block the use of peer-to-peer applications, block USB devices (80 percent), control the use of instant messaging (76 percent), or stop spyware from sending out information to external sources (47 percent) – all growing vectors of confidential data loss.

Despite the risk of data loss, 20 percent of SMBs do not use Internet security software other than firewall and anti-virus products, as they mistakenly feel these are sufficient. Additionally, 12 percent of IT managers admit, while they have an Internet usage policy, they have no way of enforcing it.

The study also found that business-owned computers are left vulnerable to security threats for more than 21 days, on average, despite the daily updates promoted and offered by operating system and anti-virus vendors. In fact, only 4 percent of SMB employees have daily security updates on their work PC, while 11 percent of employees say the security software on their work PC has never been updated.

On the bright side, 94 percent of SMBs claim to have an Internet use policy in place, and 67 percent say that all companies should have equal levels of protection from Internet security threats, irrespective of their size.