Its time for SMBs to make that small investment in security. With the Budget just a couple of months away and many companies already finishing their audit formalities, this is the best time to sit back and think of the investment for the next financial year.

According to Websence, this year SMBs would be at a larger risk from Spyware and Spam rather than viruses. SMBs have a smaller IT budget and thus the key investment in security will be even smaller. Forrester's Research found that SMBs will average only a two percent rise in IT Budgets and SMBs expect to spend nine percent of their IT Budget on security.

The Business Impact

SMBs have an IT plan and many a time, it’s not foolproof. An antivirus solution does not cover all the threats or rather cannot even detect the smallest spyware on the internet. There are however many security risks that can have a negative impact on the business for SMBs, which include loss of sensitive information, theft of intellectual property, slow system performance, costly computer repairs, employee downtime etc.

There are numerous incidents and stories in the past where small and big organisations have become victims of internet crime. Spyware and key loggers cannot be dealt in the same way as an antivirus, but the solution needs to be bigger and better. The Webroot SMB survey for five major countries in Asia showed that a great number of SMBs were affected by spyware than viruses. Precious money lost just because of an effective solution but for the wrong cause, or maybe not an entirely effective system to watch over the internet inflow.

Heightened Risks Is A Hint

The SMB sector is growing and of course there is a much bigger threat waiting. Organisations whether big or small need to have a plan that can mitigate the security threats at an effective manner. While Spyware and Trojan horses were the among the highly recognised threats than viruses, in a Scansafe report which came out last year, it also implies that there was a 254% increase in the Spyware and
Trojan horses than in 2006, while it saw a decline in viruses.

In addition to the business risks, many governments across the globe have instituted additional data protection measures to compel companies to follow a regulatory compliant order. Beyond the external threats and regulatory requirements facing SMBs, there are several internal factors that heighten the state of internet security risks for SMBs. Some of them are pervasive internet use, lack of polices for employee internet use, limited in-house expertise, among others.

Over the years widespread network access and declined costs of bandwidth have made it easier for companies to increase the reliance on internet. With liberal internet use these networks can bring benefits, but more importantly can expose SMBs to greater security risks. In many companies the internet bandwidth is used for unhealthy purposes and this includes downloads from peer to peer sites and applications which actually open up ports and might expose the company to unimaginable risks. Particularly in organisations that do not have a formal policy or restrictions, its likely that personal use of company computers and the bandwidth only increases the time and money to monitor the network.

The Right Time Is Now

Smaller IT budgets available at SMBs directly impact the ability to attract and retain qualified IT personnel, since they often have less money for compensation. In keeping with these issues and the ones mentioned earlier, SMBs need to fight threats with technology. Security software programmes that claim to do it all, don’t really provide specialised expertise needed to address threats like Spyware and Trojans. Sophisticated threats require specially designed products.

Spyware and other malicious programs can infect a computer form a range of entry points including internet based applications, peer to peer sharing channels and removable media. Thus, to mitigate these threats and the ones that would emerge in the near future, SMBs need to make the investment right away and make the security initiative more robust, with an antivirus solution and a firewall at the internet gateway. Every desktop also needs to have an anti-spyware as well, to detect and block any spyware related threats. Also, additional steps need to be taken to protect the company's network by either neutralising the use or introducing administrative controls on open access of internet if not required. This will definitely act in favor if not otherwise.

Gartner advices IT Leaders around the world to increase the security spend of the IT Budget and decrease the overall IT spend by atleast 10%. Thus, here is a small message to CIOs "Better to have and not need, than to need and not have."