For small and medium-sized firms, ignorance is not bliss

The survey of 1,900 firms found that half of SMBs think that because they are a small company, they are not in danger from cyberattacks.

“Most SMBs don’t believe they would be targets of attacks, that it is something that would happen to large enterprises”, said Kevin Haley with Symantec Security Response.

However, according to data from, since the beginning of 2010, 40% of all targeted attacks have been directed at companies with fewer than 500 employees, compared to only 28% directed at large enterprises.

Because SMBs do not see themselves as targets, many of them are failing to take basic precautions to protect their information, the survey found.

While two-thirds restrict who has login information, 63% do not secure machines used for online banking and 9% do not take any additional precautions for online banking.

“Getting hit by a banking trojan, having cybercriminals empty your bank account, is a huge risk for small businesses. They are not protected by the bank like an end user is. An online banking attack could really crush their business”, Haley told Infosecurity.

More than half (61%) do not use anti-virus on all desktops, and 47% do not use security on mail servers/services, the survey found. “With small businesses, they haven’t reached a certain maturity stage [regarding information security]. They just don’t think that kind of thing could happen to them”, he said.

Symantec recommends that SMBs take the following measures to protect themselves against cyberattacks: develop Internet security guidelines and educate employees about Internet safety, security and the latest threats; assess security risks and gaps; and be proactive and develop a security plan.

SMBs “need to recognize that information security breaches could happen to them...and to make an honest assessment of the risks and prioritize them”, Haley said. “Then take action”, he added.
