Call it being anti-“antivirus.” American businesses just don’t seem to realize how important anti-virus and anti-spam protection can be to their operations.
Shockingly, while nearly half of all small and medium U.S. businesses (SMBs) have been infected by viruses or malware this year, many are still operating without an Internet safety net. Thirty-one percent are operating without anti-spam software, 23 percent have no anti-spyware and 15 percent have no firewall, according to a recent survey of 1,500 American companies by Panda Security.
“One of the problems is that many SMBs donât have the employees , time or money to devote to securing their computers and sensitive data,” Sean-Paul Correll, threat researcher at PandaLabs, said in a statement.
“The study results are proof that IT service providers and vendors have an important role to play in educating small businesses on threats, and helping them determine the best way to protect themselves,” Correll said.
The research also revealed that 13 percent of American SMBs are operating without any security systems at all and 57 percent of those companies said they do not think security is important or necessary. The majority of small- and medium-sized businesses are using free security systems that are not meant for businesses, while 12 percent of businesses admit their systems are out of date.
Dan Olds, an analyst a Gabriel Consulting Group, said he was rather shocked by the study.
“I’m surprised that many businesses are so horribly under-protected,” he said. “One of the things going on is that these guys are thinking that they’re so small that no one would target them. And they’re right—no one is targeting them specifically. But the vast majority of these [attacks] are automated, essentially robots that go out scouring the Internet to find any unpatched vulnerability that they can breach. Their perception of cybercrime is that there are Mafiosos out there looking at specific businesses to try and target but that’s not the case at all.”
Olds said there are a number of things SMBs can do to protect their systems including:
- Implementing good consumer-level security like the antivirus products that are included with most computers today. “That would be a vast improvement over doing nothing,” Olds said.
- Implementing anti-spam products. “This is a must because so much of the exploits come in through spam or phishing over the Web. Phishing is the process used by cybercriminals to acquire a user’s personal information by pretending to be a trustworthy entity. “I’m guessing that if the business owners are so unsophisticated that they don’t have any security, then the employees on the Web are probably even less sophisticated and thus more vulnerable to some of the common phishing approaches.”
- Training all employees on the need for IT security. “They all need to be aware of the importance of security, how they’re vulnerable, where they’re vulnerable, those sorts of thing,” Olds said. “Companies doing commerce on the Web need to really pay attention to securing their systems.”
- Creating a process to assess, monitor and patch network vulnerabilities. “Businesses should check to make sure all their security systems are up to date,” he said. “And they should have a system in place to ensure that old employee accounts are deleted from the system once an employee leaves the company because a lot of this stuff also happens from disgruntled former employees.”
- Backing up systems in case there’s an attack. “They should have backups that span a few weeks so they can get back to systems that are clean, so they can take and bring those mechanisms back up,” Olds said. “They can go back by hand later on and get the data fixed again and find out what’s been corrupted. But in terms of just getting back up and back in business, having non-infected copies of your stuff is important.”
BusinessNewsDaily’s sister site, TopTenREVIEWS offers a review of small business antivirus software.
Olds added, “Security really doesn’t have to be expensive but it’s something they need to take on and understand that it’s just a cost of doing business and it is important.”