By Ryan Flores
Advanced Threat Research
July 1, 2009

Small and medium-sized enterprises (SMEs) usually don’t employ dedicated IT security staff and so face risks of losing precious data, which could translate to productivity loss and disruption of business.

According to a study conducted by Digital Philippines, SMEs account for 99% of the total number of registered business establishments in the country today. They employ 67% of the total population and comprise 60% of the total number of exporters in the country. The survey also found that 72% of SME employees use SMS via mobile phones to transact business, 23% use handheld devices such as Palm Pilots or Pocket PCs, and 90% use PCs, though only 70% of which have Internet access, putting themselves and their companies at risk every day amid the rapid proliferation of security threats.

Trend Micro examined the surfing habits of 1,600 SME employees in various countries and found that they were more likely to engage in activities that pose security risks to their employers’ businesses such as checking personal emails, launching downloaded executable files, and making online purchases at work. Pilferage and laggard or abusive staff have been identified as two of the most common problems SMEs face.

Extensive customer knowledge often set SMEs apart from their large counterparts. Many SMEs operate as family businesses and are managed by their founders or their descendants who know a lot about their customers and the business but may not know that much about systematizing business processes. More often than not, they don’t even see themselves as likely targets of security threats so they don’t really accord that much priority to IT security. Some of them may not even be aware of how important their assets are, particularly to their competitors, nor that hackers, spammers, and other malicious users don’t really care who they prey on. Everyone is fair game. A company’s size does not matter; all that matters to them is the number of successful malware infections, compromises, phishing attacks or stolen information.

Just like large enterprises, SMEs also need protection against the ever-increasing number of malware and digital threats. However, given the limited resources of SMEs, they should take three things into consideration before buying security software:

• All in one suite
• Easy to install and manage
• Support quality

All in one suite

Separately buying antivirus, anti-spam and web filtering software involves a significantly higher cost of acquisition compared to purchasing product suites that incorporate all these technologies into one package. Of course, this is not exactly applicable to large enterprises that require best-of-breed products to ensure the best protection possible, but for an SME, this purchasing strategy makes the most economic sense while providing adequate protection.

Easy to install and manage

Since SMEs do not have a dedicated IT staff, having a suite that is easy to install and manage is critical. It is counter-productive if a security suite needs to be configured, re-configured, and maintained. In the end, employees are better off doing their actual jobs rather than troubleshooting a complicated piece of software.

Support Quality

Murphy’s law states that “whatever can go wrong, will go wrong,” so expect your security software to crash at least once in the most unexpected circumstances. When this happens, having a technical support that can help you sort things out is gold. You wouldn’t want a vendor who takes your money, then leaves you alone to figure out what went wrong.

With these in mind, it is worth your while to do a little research. Various reviews are published in the Web, and vendors should be able to provide you with answers regarding total cost of ownership and technical support quality. In the end, security products are investments to make sure the business continues, and having a worry-free security suite takes out all the hassles of owning one.

References:
• ICT Usage in the Philippines, Indonesia, and Thailand (http://www.aijc.com.ph/pccf/observatory/pfd%20files/papers%20&%20Publications/e-commerce/ICT%20Usage%20in%20the%20Phil%20Indo%20and%20Thai.pdf)
• ICT Security Strategies for SMEs (http://www.sersc.org/journals/IJSEIA/vol2_no3_2008/7.pdf)
• PLDT SME Nation Offers Internet-Connected Monitoring Device (http://www.philstar.com/Article.aspx?articleid=425856)
• SME Workers Pose Top Security Risk (http://www.vnunet.com/vnunet/news/2218069/smbs-pose-top-security-risk)
• Pacific Internet Launches Multi-Level Security Service for SMEs (http://www.manilatimes.net/national/2007/sept/11/yehey/business/20070911bus9.html)
• Trend Micro Targets SMBs with New Web Solutions (https://myhome.trendmicro.com/en/region-info/us/marketingandsales/news/worryfreesecuritysolutionsinitialcoverage.htm?vwloc=en)

Ryan Flores/Threat Researcher
TrendLabs is Trend Micro’s global network of research, development, and support centers

Possibly Related Posts:

• To Tweet or not to Tweet?
• Why Pinoys Should Care That the Global Financial System Keeps Making the Same Mistakes
• Do Quality Certifications Provide Competitive Advantage?
• Technology trends for 2012 driving workforce innovation
• What Steve Jobs Left Behind at Apple

 Print This Post