Small to medium-sized businesses (define) often don't have the security policies, systems or know-how in place of their larger enterprise brethren, and that's a lurking danger.

So says a new survey by security advisor MessageLabs. In identifying the problem MessageLabs, not surprisingly, says it also has a solution. The company is launching the Small Business Security Clinic and Makeover, a kind of IT security toolkit of resources and education.

SMBs are at greater risk to various forms of malware (define) due to a combination of less resources for dealing with the problem, but also policies are looser.

"I think that's a consequence of enterprises being under a lot more pressure to implement policies to enforce regulatory compliance. Regulatory compliance inherently makes enterprises more secure," Paul Wood, senior analyst with MessageLabs, told

Based on surveys in the US and UK, MessageLabs concluded the biggest threat to cause a data breach comes from an unlikely source -- junior sales men and women between the ages of 26-35 years old. Not that they do anything bad, it's just that these unlikely villains are multitaskers, often using multiple applications at once.

"They are quite tech-savvy but not quite aware of the risk that using all of these protocols might introduce. They might be trying to do as much as they can at the same time and not thinking about what they are doing, and a lot of attacks are social engineering-based," said Wood.

Small businesses might also be deluding themselves into thinking they are doing enough to mitigate risk, said Wood. He also said some businesses also have the perception they are not at risk because they are a small organization.

But that's wrong. "We've seen an increase in targeted attacks on small businesses because they have less security in place," said Wood. MessageLabs found that only 53 percent of small businesses have the right IT security procedures in place compared to 69 percent of enterprise companies.

The report also looked at the importance of e-mail and spam issues. The study found that almost one-third of businesses would be severely impacted if the Internet went away, but only 14 percent would feel any pain if just e-mail went away. Wood said it reflected the Web as being the engine of e-commerce.

This article was first published on To read the full article, click here.