The survey showed that although the majority of SMBs (61%) have security policies in place regarding Internet use, far fewer have the means to monitor and/or filter the HTTP traffic: Less than half (47%) say they have the means to do so. However, 15% of SMBs do indicate they are considering adding monitoring and/or filtering capabilities, and an additional 5% said implementation is planned.
"The results pose an interesting question that SMBs should be asking themselves: 'If half are monitoring Internet activity in the business, why aren't I?'," said Walter Scott, CEO of GFI Software. Nearly half of those surveyed are lagging their peers and this indicates that they are not aware of the risks that come with uncontrolled Internet access. It is not a case of 'big brother' but rather one of 'keeping alert' and being 'prepared'. With monitoring in place, management has a front-line view of Internet activity in the company."
Of those using Web filtering software, the majority (67%) said they use it for security against virus and malware downloads, 55% to prevent illegal and/or unacceptable Web browsing and only 36% to monitor employee browsing activity.
Scott continues: "Monitoring employees' web activity goes beyond simply checking who is doing what online and how much time is spent browsing the Internet. Web monitoring and filtering is key to preventing malware from being downloaded and infecting the network. We also often forget that we are living in a society that is becoming increasingly litigious. Web monitoring and Web filtering give business owners the ammunition they need to counter any claims from clients or employees. It is also management's fiduciary responsibility to have the data for when it is needed. The risks are too high for businesses today."
The survey also gives an indication of how threats are perceived and their source. According to the survey, the IT security threats that most concern SMBs are accidental data corruption, malware attacks and external. Fifty-one percent (51%) said that they are concerned about Web-borne malware. However, only 9% said they are concerned about internal threats. The threat posed by employees leaving the company with confidential data was of concern to only 26%, the lowest rated.
Email compliance and eDiscovery appear to be low on the list of priorities for many of the respondents. When asked if they have rules or policies governing the storage and/or retention of emails, 63% said they did not have any rules stating where emails should be stored; however, of those, 18% said they were planning to do so. On the other hand, 66% of respondents do not have email retention rules (20% say they are planning to do so).
Scott concludes, "Once again, we see SMBs either ignoring or unaware of the implications of their actions. Compliance is a major issue in the US and the penalties for non-compliance can be crippling for a business; however, it is surprising, even shocking, that SMBs do not have procedures in place to regulate where emails are stored and for how long. Businesses are taking too long to catch up. They need to be proactive because their business could be at stake."
The full survey report is available for download at http://www.gfi.com/documents/SecurityReport2009.pdf.
This survey was sponsored by GFI to assess the readiness of small and medium businesses (SMBs) in the U.S. in dealing with security issues, and to determine how priorities in IT security have changed in the SMB market due to the current economic environment. The online survey was conducted among 540 IT professionals using an IT panel managed by e-Rewards. The panel, comprised of approximately 250,000 members, is representative of a large number of IT professions/titles, including CIOs. The survey was sent to 19,067 members on the IT panel during the period July 27 through August 6, 2009. Participants were screened to ensure they were IT professionals with decision-making authority or specific responsibility for IT security, and worked at an SMB with 500 or fewer employees. The survey's sampling error is plus or minus four percentage points for values at or near 50 percent, given a 95 percent confidence interval.
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.