Education key to SMB security: GFI Software 16 December, 2007 By Vanessa Ho

PromoPipeline Exclusive Channel Promotions Find Out How You Can Make Money Today! ENROLL FREE! >> SaaS Trumps Social Media Mike Dubrall - Gilwell Group How to Evaluate Training William Vanderbilt - Innovative Learning Channels Please join me at the Vendor Channel Management Summit in San Francisco Robert M. Cohen - Integrated mar.com Discount or Payment for Services? William Vanderbilt - Innovative Learning Channels Goal Setting William Vanderbilt - Innovative Learning Channels

"This link between end user and quality of security in a company appears to be strong," said David Kelleher, global PR coordinator with GFI Software, a company that develops network security, content security and messaging software. "The end user is confirmed as the weakest link in the company and despite having all the security measures in place, the employee is the problem."

The survey interviewed 455 IT executives at small- to mid-sized businesses (SMBs) in the U.S. Other findings include employees were not the only people who needed to be educated. One in four IT executives wanted senior management to have a better understanding of security issues as this could have a bearing on the overall level of network security, and possibly, the range of security measures that could be implemented.

"It is a question of everyone in an organization is aware that security is a threat, and whatever data you have on a company's network is precious and any downtime means they are going to suffer losses . . . and they can't afford to suffer a breach. Everybody in an organization has to understand they play an important role in securing the company and securing the company's profitability and credibility," Kelleher said.

Simon Reed, vice-president of engineering with GFI Software said that educating employees and senior management is not about picking out a particular action but educating them on things like not bringing personal computing habits into the work environment. For example, Reed cited that employees should think twice before they bring in their iPod, smart phone or USB stick as well as downloading peer-to-peer applications and using Facebook and similar social networking sites during the workday.

"Educate those guys about sound working practices and hopefully arm them enough to think twice before they do that lunch time surfing or attempt to continue on something they were doing at home."

Kelleher added that education is also about teaching the little things like not to open e-mail attachments from people they don't know or were not expecting, as that could lead to the downloading of malware.

Thirty-two per cent of the companies surveyed noted that they had suffered a breach over the past 12 months mainly due to a virus attack (69 per cent), followed by infected Internet downloads (30 per cent), and loss of hardware, such as laptops (24 per cent). Only 2 per cent reported a breach involving some form of fraud or identity threat.

When asked about their major daily concerns, 71 per cent of respondents cited downtime and tackling security issues, while 51 per cent said user support was a daily concern.

Another finding of the GFI survey was that 42 per cent of the SMBs surveyed said that despite having anti-virus, anti-spam and firewall installed they were still considered that their network was not secured. "This casts doubt on the traditional approaches to security within companies," said Kelleher.

From a financial perspective, the survey showed that spending on security measures was relatively low with 55 per cent of SMBs saying they spent less than 10 per cent of their IT budget on security. 38 per cent said they allocated between 11 per cent and 30 per cent of the budget to security, while only two per cent said they spent more than half of the budget on security.

Despite fewer resources being allocated to security, 77 per cent of respondents were satisfied and felt that their budget was enough to cover their security requirements. However, the survey also showed that just over 50 per cent of respondents found it difficult to convince management to invest in security solutions like protecting the end points and protecting the use of portable devices or consumer devices on the network. Only 15 per cent said it was very easy.

"SMBs don't have the level of knowledge and experience in the security space that large and enterprise businesses have in order to correctly apply security products in their environment. It is very much driven by past experiences and not current practice, which is why we believe a good portion of SMBs are struggling with security in this day and age," said Reed.

He added that the best person for SMBs to turn to help with security is a trusted partner like a reseller that they go to for hardware and software. Reed said a channel partner gives huge scope to add significant value than just provide software and software advice. "They themselves become an expert in a particular area and not only advise the company in relation to buying software products but also undertake a risk assessment at that company and advise them with more depth on what that SMB should be doing to correctly manage the risk associated with an IT infrastructure."