Reading between the lines - small business security

“Small and midsized businesses (SMBs) have a reputation of being somewhat lax when it comes to information protection… That’s why the Symantec 2010 SMB Information Protection Survey is so surprising. It turns out that in the last 15 months, SMBs have become extremely aware of and focused on information protection.”

So opens the latest research report from Symantec. It’s one I find a little hard to accept because many claims simply don’t ring true. The interpretation of statistics is also unconvincing, to say the least, as a claim that 42% of businesses have lost confidential or proprietary information in the past is immediately followed by a pie chart which shows that two thirds have not.

When I read on, I find that around a third of SMBs claim to be extremely skilled in computer security and that they spend more money on security, back-up and DR than on general computing. They also lose on average two dozen laptops a year, and experience hundreds of individual security incidents each year, yet most claim never to have lost any confidential or proprietary data. Around half don’t have a written DR plan, yet more than half claim to test it at least twice a year.

Is this really typical of small and midsized businesses?