News

Small Companies Lax About Computer Security, Report Finds

Large companies are valuable targets for cyber criminals, but what about the small fry? Software security firm McAfee took a gauge of opinions, finding that some small and medium-size businesses don't seem that concerned about potential hacks. At least that's what its recent survey suggested.

The results were collected from telephone interviews of officials at small companies, which were defined as having less than 1,000 employees. McAfee surveyed at least 500 respondents at U.S. and Canadian firms.

The report said that 45 percent of those surveyed didn't think their enterprise environment was threatened by cybercriminals. What's more, at least 250 of the IT pros who picked up the horn and answered McAfee's survey questions believed their company didn't have the big brand name to attract hackers.

"For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation," stated Darrell Rodenbaugh, senior vice president of the mid-market segment at McAfee in a press release accompanying the report. "Just because a business is small does not mean it is immune to security threats."

The report added that 35 percent of respondents weren't even concerned about attacks, but about 34 percent said they'd been attacked at least four times in the past three years.

Defining Security
Every other week, month or quarter, the reports pile up, chronicling inside jobs, the proliferation of malware and a general apathy among many IT managers and staffers toward computer security. Critics of such reports might say that they come from vested interests that just publish alarming numbers to sell security solutions.

Not so, says Christian Phillips, head of security for the Regulus Group, a remittance and general business-process outsourcing company for several Fortune 500 companies. He added that many of these studies have demonstrated a noticeable pattern.

"Security is job one when you're defining a business strategy," Phillips said. "It's not just a reactionary tactic or something to get proactive about when there are threats, but a necessity."

When a peer company is attacked, it's an "issue." However, when your enterprise is attacked, it's a "problem," security experts say.

Threats of All Kinds
New threats emerge every day. Just last week, commercial air carriers Delta and Northwest warned customers about bogus e-mails posing as airline ticket invoices, which might contain malicious code, spyware and malware. The airline urged potential customers and anyone getting such spam to delete the messages without opening them.

Craig Schmugar, a researcher at McAfee, confirmed the threat in the software company's blog. The e-mails are said to look like authentic correspondence from the airlines and even provide a screen that looks like a log-in interface asking for a username and password. The message typically says that the user's credit card has been charged by an amount, usually in the $400 range. There is even an attachment claiming to be the invoice for the ticket and credit card charge.

With larger DNS threats in the offing, taking control of security measures makes sense, according to Andrew Storms, director of security at San Francisco-based nCircle.

"For those of us who breathe infosec everyday, it's a no brainer to devote resources into the remediation and risk reduction strategies surrounding threats," Storms said. "And it should be a no brainer to people in IT circles everywhere and outside of IT at the executive level."

If you have a computer and it processes critical information, "secure your network, period," Storms added.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.