Does size matter?

Europe`s 19 million small and medium-sized businesses (SMEs) are operating in an increasingly competitive environment. They are becoming more and more reliant on technology to conduct business and remain competitive.

As a result, cyber criminals are shifting their focus to target SMEs, as illustrated by a recent survey by the GetSafeOnline initiative, showing that 44% of SMEs have been attacked.

The result of these attacks can be catastrophic to small businesses. Viruses, hacker intrusions, spyware and spam can result in a number of damaging consequences such as lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation.

These types of effects can be damaging to any size business, but in particular an SME, which has limited technical staff, restricted security budget and fewer backup support options, meaning the business could be crippled by any of these attacks.

But, worryingly, the general consensus among the small business community in Europe is that they are just too small to be of any value to cyber criminals: 56% don`t even think they could make cyber criminals money. As well as being na"ive about the potential value they can offer to hackers, as many as 90% think they are adequately protected when it comes to IT security. This is a dangerous misconception and SMEs need to understand why they are at risk and how best to protect their business and raise IT security up the companies priority list.

This is of course a huge challenge for SMEs to address. As a security expert, McAfee understands that fighting viruses, malicious code and fending off phishing (or even SMSishing) attacks is a full-time job. It`s a challenge and it`s difficult to find time in the day to dedicate to this, especially when the business is battling with limited resources and budget.

McAfee conducted the `Does Size Matter?` research report to identify to what extent European SMEs are actually at risk, and assess how much time and effort is spent on maintaining security protection. The survey found that, on average, SMEs have just one hour a week to dedicate to IT security. While this is understandable with the challenges that smaller businesses have to face, something needs to be done to address this balance.

It is unrealistic to expect small businesses to redirect huge amounts of budget or time into the area of IT security, so how best can SMEs address this issue?

Firstly, it is important to implement the right technology. It can be a confusing process navigating the security product landscape, but by implementing a managed security product, SMEs have that pressure removed and can be confident they are receiving the right protection.

Secondly, as well as implementing the right technology, there are a number of steps that SMEs can take, in terms of education, to ensure the business remains protected and truly does go under the radar of cyber criminals. These range from deleting e-mails from unknown sources, not opening attachments, as well as backing up files and keeping sensitive information, such as credit card details, protected. Education is key and can go a long way in terms of minimising risk.

The research proves that SMEs are as much at risk as larger enterprises, and it is important for business leaders to be made aware now so steps can be put in place before the business is lost as a result of an attack. Hackers can make money out of any size business, and as SMEs increasingly become digitalised and dependent on technology, this will become an even bigger problem.