Small Business: Network Security Survey

A network security survey which examines the top threats and solutions for small businesses.
A majority of small businesses operate on a PC and server network. These networks store critical company information, and to ensure smooth daily operations this information must be both available and secure. Too often these small businesses are unaware of the security risks which threaten this data, or ignore the issue.

In order to understand these issues, we interviewed two hundred small businesses about the security of their networks. The companies interviewed ranged from ten or fewer employees to over a hundred. About half of the respondents indicated that they believed their network to be either safe or very secure. Still, many did express that they had doubts about their level of defense from risks. Considering that almost all of the businesses had experienced some kind of security lapse in the previous year, this isn't too surprising.

The top threats reported are viruses and Trojan horse attacks, lost or stolen computers, and attacks or theft by employees and hackers. The top security measures in place at companies include virus protections, firewalls, spyware protection, and spam filters.

Many companies indicated that they did not have a smart password policy or employee network policies in place. These same companies most often did not report having full network protection, and hadn't tested their security measures.

There is no single fix that ensures the continuity of operations on a network. We recommend a layered approach which looks for vulnerabilities in different network areas, including software, processes, hardware, and training. Each layer that is added creates another level of protection for your company information. Some of the areas to consider include blocking host-based attacks, safely supporting authorized users, and tools which help maximize effectiveness while minimizing loss.

More than half of the companies who responded thought their network was secure enough, or better. Of the remaining respondents, 30% believed their network was somewhat secure, with 10% admitting that their network was not as secure as it should be. The larger businesses weren't quite as sure about their level of defense: more than half of the companies from fifty to a hundred employees, and 44% of those with over one hundred felt 'secure' or 'secure enough.' Among businesses from fifty-one to one hundred employees, more than 20% indicated that their network wasn't as secure as it should be. Generally, the bigger the business, the larger the network, and the larger the threat to network security.

Respondents reported on lapses to security and attacks experienced in the previous year. The most common network threat reported was virus attacks and Trojan horses, with about 50% reporting instances within the time frame.

Over 60% of the smallest companies reported virus-based attacks. Larger businesses reported at 40%, the lowest rate, which could indicate better defenses in place.

The risk of information loss due to theft seems to increase with company size. While a minor threat to smaller companies, more than a third of the largest firms reported this experience.

Attacks by hackers were most often reported by businesses with fewer than ten employees and by those with more than a hundred. The smaller networks are the most vulnerable, and the largest may be more likely to be targeted. About 10% of all companies reported unauthorized access or theft by their own employees during the time frame.

Good processes, procedures and systems can help defend against these top threats. Survey respondents were asked about the security methods in use at their company. The majority use virus protection and firewalls. About a quarter do not have spam protection or spyware removal, leaving their networks vulnerable to malware ranging from annoying to dangerous. Fewer than half have a smart password policy or patch management in place.

Smaller businesses use network use policies for employees less often than larger companies do. More than 80% of large companies have guidelines in use. These guidelines attempt to limit unrelated use of the network, minimizing the risks to the company. Only a few businesses use all of the highest-priority security defenses covered in the survey.

A smart password policy requires passwords that mix regular and special characters and are changed frequently. Fewer than half of these companies have a smart password policy or patch management in use.

Until a security device or strategy is tested, it can't be known to be providing adequate defense. A hole could exist within a firewall, or anti-virus specifications could be outdated. Staff members may not be using proper practices for maintaining a secure network.

As security threats change over time, lapses can occur gradually. About a quarter of respondents reported that they can't remember their last security test, or whether the business had ever conducted one. While many had implemented security measures, they can't really be sure that those measures are providing protection.

The smallest companies tested security the least. Frequent network security validation is critical to system integrity in an overall continuity plan. Unfortunately, a company usually examines its exposure level only after a damaging security lapse has had a negative effect on the business.

By Nick Pegley
Published: 9/3/2008
 