F-Secure recently conducted a piece of research into SMB attitudes towards various aspects of IT. Here, Allen Scott, managing director of the UK & Ireland, looks at the findings and the risks these businesses are opening themselves up to.
Small and medium sized businesses are the lifeblood of Britain. Only 0.1 per cent of British businesses are large enterprises which means that the majority of IT systems in this country are being sold to companies which often don’t have an IT department.
In some respects, there is a chasm between the technology needs of a corporation and those of a small business, but some requirements bridge this gap and apply to all. Security is one of these. After all, we are all targets to cyber criminals.
The furore around Windows XP support coming to an end highlighted to companies worldwide that software updates are essential to keeping their business networks clean and healthy. Without Microsoft’s regular patching, Windows XP is now an open door to hackers.
It can only be a good thing that most companies have now upgraded their operating systems to a secure platform, but how many have considered all the other software they use? Not many, it appears.
Almost half (43%) allow employees to install their own software on company computers. This in itself can cause multiple headaches – the potential to install malicious software and conflicts arising with existing software, for example. As a general rule of thumb, a company is only as safe as its employees are proficient. From my experience, most people aren’t, which is why the IT administrator needs to be involved.
Compounding the problem is that, of these companies which take a laidback attitude to software installation, two-thirds (67%) leave employees to take care of the updates themselves. A further 30 per cent only conduct Microsoft updates and a tiny three per cent cover everything. It is akin to leaving the office door open for the weekend and sending an invitation to thieves to pop over for tea.
We all know what it is like to be hassled by software updates every time you switch on your home computer. We all know how many people will ignore these updates for a considerable time until they deem they have time to allow the update. Companies need to remember that employees are often under more time pressure at work than they are at home, so why would they not behave in the same way?
Taking the software updating process out of the hands of the IT administrator will not only ensure that potential exploits are patched, but can also save considerable time. Our research showed that SMBs (or rather, their IT partners) spend an average of 11 hours per week updating software. Quick maths will soon show the cost and time savings to be made, aside from the peace of mind.
IT is not the concern of most employees. It simply needs to work for them. So businesses must accommodate this by restricting employees’ abilities to install software (especially that which is not on an approved list) and setting automatic software updates to do away with the worry.
By 
Allen Scott, F-Secure
F-Secure Corporation is an anti-virus, cloud content and computer security company based in Helsinki, Finland. The company has 20 country offices and a presence in more than 100 countries, with Security Lab operations in Helsinki, Finland and in Kuala Lumpur, Malaysia. Through more than 200 operator partners globally, millions of broadband customer use F-Secure services.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.