Anilrgowda

Small companies ignorant of security?
By Tom Espiner
November 20, 2006, 5:15 PM PST

Small businesses must become more aware that they are the potential victims of cybercrime, former White House security adviser Howard Schmidt has urged. Speaking at an IT security event at London's House of Lords on Monday, Schmidt said all businesses are at risk through a lack of proper configuration of security equipment, or through not taking proper security precautions.

"SMEs (small and midsized enterprises) are not aware of being a potential victim--spending 40 pounds per year on antivirus is not a high priority," he said at the event, organized by managed services specialist Claranet. "SMEs have to realize that just because they are small, it doesn't mean they won't be targeted. Bad guys target wherever they can get money."

Ninety percent of small businesses and consumers install antivirus, but 10 percent never update the software's signatures, which are matched against suspected threats, Schmidt said. Small businesses with limited staffing resources simply do not have time to devote to cybersecurity issues, he said. In addition to keeping a lookout for malicious software, organizations need to be aware of important data leaving the company, often through human error.

Employees using file-sharing networks are often unaware of the security implications, Schmidt said. "Individuals working on peer-to-peer networks often don't realize they're sharing the whole contents of their drive. You can find Homeland Security vulnerability assessment documents online from employees (using P2P)."