Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Sean Stenovich often sees his small and midsize business clients pick and choose their security solutions based on what they think they need and can afford.

The result is a security plan that covers some areas but leaves many others exposed, said Stenovich, a principal at Dallas security solutions provider M&S Technologies.

“They’re thinking [anti-virus] protection, anti-spam software; not intrusion protection, system backups,” Stenovich said. “I feel their pain. I’m a small business owner too. They have to prioritize, and they end up with gaps in their protection.”

A survey released last month by Quocirca, a United Kingdom-based research company, reveals just how common that dilemma is.

The Quocirca report, “Achieving Best Practice in IT Management for SMEs,” which is based on a poll of 241 companies with 1,000 or fewer employees, shows that less than 25 percent of SMBs are fully protected against intrusions and security vulnerabilities; most respondents said they lack the time, money and resources to be fully prepared.

Some highlights of the report include:

  • 25 percent of SMBs, even some of the larger companies, lack a dedicated IT staffer.
  • 75 percent of companies maintain high-speed Internet connections, but only 25 percent have checked the security of those lines in the last year.
  • 30 percent have had their ability to operate affected by computer virus; 20 percent by a worm and 15 percent by a hacker.
  • Less than 50 percent maintain any spyware protection.
  • Between 40 percent and 80 percent of SMBs back up servers; size seemed to be the greatest indicator of whether a company would back up its servers.
  • Less than 20 percent of all companies back up PCs at least once a day, even though that’s where most of the work and recent data sits; less than 10 percent of the smallest companies back up PCs at least once per day.
  • Industry and geography played no role in network vulnerability.

    “[Security risks are] a nightmare SMBs have,” said Bob Tarzey, services director at Quocirca, which specializes in the IT field. “They’re not stupid, but the realities of business dictate they take a ‘we should be all right’ approach. They don’t have the time, they can’t afford the expense, can’t take the hassle of finding a fix and integrating all of their components.”

    The answer to improving security at SMBs and building business for the VARs who serve the industry is making the solution quick, cheap and easy, said David Luft, senior vice president of SMB product development at Computer Associates International Inc., which sponsored the study to support the marketing for its new line of security software suites aimed at SMBs.

    “SMBs are not looking to get into a drawn-out process to secure themselves,” he said. “They’re looking for an easy fix that lets them get back to business, whether it is banking or sales or health care.”

    Click here to read more about Computer Associates Protector Suite for SMBs.

    Not surprisingly, the survey found that the smaller the company, the more vulnerable the network. Less than 10 percent of companies with 50 employees or fewer maintain automatic security patch management software, versus 60 percent of companies with more than 300 employees.

    “They have less to work with, so they’re more likely to prioritize their needs and their resources,” Stenovich said. “But it can be a painful situation if they get nailed where they least expect it. Even the smallest company is vulnerable to lawsuits or financial losses from these security threats. As the reseller it’s your job to remind them of that.”
    Stenovich said the cost factor is not a figment of the client’s imagination.

    “For years, everything was about serving enterprise companies, and these solutions were priced out of the SMB market,” he said. “In recent years, you’ve seen a shift in that vendors are making solutions that are cheaper and easier to manage for the smaller clients. For resellers it means our clients will be more likely to buy in.”

    Low maintenance is also a key, Luft said.

    “More and more SMBs need software to take care of things for them, take specific actions without their knowledge,” he said. “They don’t want to have to worry about whether their software patches are up to date.”

    “The bottom line is they don’t want to be in the IT business,” he said. “Whatever lets them get back to business quicker will get them on board.”