The security and storage behaviour of local small and medium businesses have been laid bare in a new study that has revealed some alarming truths.
The survey commissioned by Symantec and conducted by the Employers and Manufacturers Association (EMA), showed that while SMEs generally have sound practices in place to protect their data, their attitude to backing up information is more lax.
The survey found that the key driver for 90 percent of SMEs to secure and manage their information is the risk of losing valuable data.
However, while 81 percent of SMEs backup their information automatically, 16 percent still resort to manual methods, such as backing-up to USB memory drives or DVDs.
“We see this as a huge risk,” says Steve Martin, Symantec’s mid-market manager for the Pacific. “With manual backup, people have to find the time to do it and it can be overlooked.”
And even though 85 percent of SMEs say they backup continuously or daily, compared to 68 percent in 2007, eight percent only do so weekly and five percent monthly, which puts valuable company information at great risk, says Martin.
On the security front, despite 81 percent of respondents boasting a multi-level security infrastructure, which includes antivirus software, firewall and spam filtering, 47 percent say they were affected by an internet security threat such as a computer virus in the last year, while 37 percent were impacted by a phishing scam.
This highlights the changing threat landscape SMEs have to cope with, says Symantec’s Melbourne-based Pacific senior director, sales and channels David Dzienciol.
Among the major concerns identified by respondents are the rise in the use of web 2.0 applications, such as social networking sites, and mobile devices, especially as more millennials, those born after 1980, join the workforce, says Dzienciol.
Sixty percent of respondents highlighted social networking as a threat to the security of their business, while mobile devices were identified as a risk by 68 percent.
“The web 2.0 applications millennial workers access at work and the personal devices they store business data on can blur the lines between their personal life and work. This could result in an increased risk of data leakage,” he says
Social networking sites are becoming more of a target for phishing attempts, says Dzienciol.
“Malicious activity is becoming very focused on trusted websites, such as social networking sites, and is being targeted less at machines but at personal information on such sites.”
This changing threat landscape means business need to adopt a different approach to their information security, says Dzienciol. “People are now on the perimeter in securing information.”
To address this issue, companies need to consider how to incorporate policies on new technology usage into their existing security policies, systems and processes, Dzienciol adds.
This step may not be a big stretch for many SMEs, as 60 percent of respondents in the survey have put a policy in place to guide staff on internet security practices.