So says a new survey by security advisor MessageLabs. In identifying the problem, MessageLabs, not surprisingly, says it also has a solution. The company is launching the Small Business Security Clinic and Makeover, a kind of IT security toolkit of resources and education.
SMBs are at greater risk from various forms of malware due to a combination of fewer resources for dealing with the problem and looser policies.
"I think that's a consequence of enterprises being under a lot more pressure to implement policies to enforce regulatory compliance. Regulatory compliance inherently makes enterprises more secure," Paul Wood, senior analyst with MessageLabs, told internetnews.com.
"They are quite tech-savvy but not quite aware of the risk that using all of these protocols might introduce. They might be trying to do as much as they can at the same time and not thinking about what they are doing, and a lot of attacks are social engineering-based," said Wood.
Small businesses might also be deluding themselves into thinking they are doing enough to mitigate risk, said Wood. He said some businesses also have the perception that they are not at risk because they are small organizations.
But that's wrong. "We've seen an increase in targeted attacks on small businesses because they have less security in place," said Wood. MessageLabs found that only 53 percent of small businesses have the right IT security procedures in place compared to 69 percent of enterprise companies.
The report also looked at the importance of e-mail and spam issues. The study found that almost one-third of businesses would be severely impacted if the Internet went away, but only 14 percent would feel any pain if just e-mail went away. Wood said this reflected the Web's role as the engine of e-commerce.