Canadian small and mid-sized businesses (SMBs) are taking more serious measures to protect digital information after suffering data loss or cyber attacks over the past year, a new survey shows.
Businesses with 10 to 499 employees in Canada and around the world have drastically improved their safeguards in protecting information compared to one year ago, according to the global survey funded by security software vendor Symantec Corp.. When a similar survey was conducted 15 months ago, SMBs were worried about threats to their digital information but hadn’t taken much action.
After a year, when most businesses were either the target of an attack or data loss, SMBs are now dedicating two-thirds of their IT department’s time and an average of $51,000 annually to information protection.
It’s a sign awareness of cyber threats has improved, says Monica Girolami, senior product marketing manager at Symantec.
“Last year companies were feeling very comfortable about their protection,” she says. “Now SMBs are much more serious about information protection … they don’t feel like they’re okay.”
It’s no wonder, when 73 per cent of small firms report seeing some kind of cyber attack over the past year. Canadian firms were slightly less under fire, with 69 per cent reporting at least one attack.
Those attacks are costly to businesses. One-third of firms describe them as “extremely effective.” They incur an average annual cost of $188,000 as a result of cyber attacks… [Next Page]
“Sometimes these SMBs have to experience it to believe it,” Girolami says. “Last year they experienced real loss, and now they believe it.”
Small shops have varying levels of awareness about IT systems, according to Roberta Fox, president and senior partner at Fox Group, a technology consulting firm in Markham, Ont.. Many want to backup their data and prepare for worst-case scenarios, but not all have the savvy to backup more complex IT infrastructure … involving networks, applications and cloud-based services.
“It’s something they need to get around to,” she says. “It may be important, but unless the solutions are easy to use, it doesn’t get done.”
Firms will use whatever storage method they’re accustomed to for backup, Fox says. From Zip and tape drives to external storage and DVD burning – a myriad backup methods are available.
Popular backup software cited by firms include Microsoft Data Protection Manager (22 per cent), Symantec Backup Exec (15 per cent) and HP Data Protector (10 per cent), according to the survey.
Still, not all businesses are on board with backup practices. Nearly half of firms worldwide still never backup their data, while another 31 per cent do it on a daily basis.
“It can seem a bit overwhelming,” Girolami says. “Unless they bring in a consultant or a partner, they turn a blind eye to it.”
Frequency of backups should depend on the nature of the data, Fox says. More sensitive information such as financial or customer data should be backed up on a daily basis, but other less important data can be replicated less often.
“We do total laptop backups on a monthly basis,” she says. “Client files are done on a bi-nightly basis as well.” Recovering lost data is always more difficult and expensive than backing up data, she adds.
Canadians seem to be more careful with their mobile devices than the rest of the world. Only seven per cent polled reported a loss of confidential or proprietary data in the past year compared to a global average of 42 per cent.
“It really starts to drive it home for these SMBs when an employee loses a laptop with no encryption on it and they have to send that e-mail out to the customer base,” Girolami says… [Next Page]
Applied Research conducted the survey on behalf of Symantec. The report was based on responses from 2,152 executives and IT decision makers from small and mid-sized firms in 28 countries, including 192 Canadians.
The poll was conducted over the phone in May and the data is accurate 19 times out of 20, within 2 percentage points.
Symantec’s safety tips
1. Educate employees. Develop Internet security guidelines and educate employees about Internet safety and security. Regularly change passwords and protect mobile devices. “You as a business administrator can only do so much,” Girolami says. “It’s your company employees that are using this information day after day.”
2. Safeguard important business information. Implement a complete protection strategy to make sure proprietary information is safe.
3. Implement an effective backup and recovery plan. Just one outage could mean customer dissatisfaction and costly downtime. Ask yourself if something does get past that anti-virus application or there is a disaster, how can you bring your business back to the point in time right before that event.
4. Secure e-mail and Web assets: Select a mail and Web security product that can mitigate spam and e-mail threats. This can also help boost employee productivity.