Running a small or medium-size business requires a great deal of effort, and owners typically employ their IT staffs in multiple tasks, from attending to helpdesk calls to implementing customer applications, and even helping out the finance department. With so much on their plates, it can be easy for small and medium enterprises (SMEs) to overlook another key role they need their IT staffs to fulfill—that of security officers. That’s because SMEs typically underestimate their exposure to cybercrime, thinking that they are not very valuable targets for cybercriminals. Unfortunately, they are wrong.

McAfee® recently surveyed 500 companies in the Unites States and Canada on their security measures, incidents and vulnerabilities for our white paper Does Size Matter? The results were startling. One in five companies surveyed had suffered a security incident, and a quarter of those businesses took a week to get their businesses on track after the latest attack. And what’s worse, the downtime cost them serious money. According to a recent report from Infonetic, small businesses lose an average of $30,000 in downtime following a cyber attack, while medium-size businesses lose an average of $225,000.

So, why do SMEs underestimate their vulnerability to cybercriminals? Our survey sought an answer. As it turns out, a majority of the respondents—52 percent—believed that they were not well known enough to become a target, while 45 percent didn’t believe that they were valuable enough targets. One-third of those surveyed didn’t think that their information would be valuable to people outside of the organization. However, cybercriminals don’t agree. This is because they go after any target that seems easy to get at, and SMEs, with their smaller security budgets and underestimation of threats, can be easy pickings.

While SMEs are not as high-profile as larger organizations, they are still heavy technology users. In fact, 92 percent of those surveyed said that online access and availability is important to running their business, and SMEs are also some of the biggest technology buyers, representing a $270 billion market, according to a recent Everything Channel Survey. Yet despite these facts, 39 percent of the companies surveyed spent just one hour a week on proactive IT security, while 10 percent spent no time at all. Further compounding the situation, half of the SMEs surveyed trust the default settings on their IT equipment. Because these default settings are widely available, cybercriminals have access to them, making it easier for them to crack systems.

In light of these findings, we believe that SMEs need to take a closer look at their security measures, keeping in mind that a proactive approach is always better than a reactive one. The experts at McAfee offer these recommendations for tightening up the security at your business to make it as difficult as possible for the bad guys:

• Establish a clear security policy, and make sure that your employees know how to follow the proper protocol when downloading files and applications


• Follow industry password and account protocols


• Disable any unused ports and uninstall any unnecessary applications


• Keep your security patches up to date. You may want to subscribe to a managed security service to help you keep on top of the latest patches.


• Look for intelligent security solutions that can alert users to potential security issues


• Deploy an anti-virus solution that detects unknown as well as known threats


• Use McAfee SiteAdvisor® Enterprise to proactively block employees from accessing dangerous web sites


• Encrypt laptops and mobile devices, such as USB sticks, to prevent information leaks