Are Viruses What SMBs Really Need To Be Most Worried About?

Viruses and Trojans topped small and midsized business's security concerns in a recent survey, with data leaks not far behind. But the real top concern needs to be the incomplete security policies and practices that are typical of too many SMBs.According to a recent Trend Micro survey of 1,600 small and midsized, the dangers posed by viruses and Trojans were the number one SMB security concern.

Trend Micro's findings showed viruses holding the prime fear position with 63% of respondents, and Trojans not far behind with 60%; deliberate data-theft malware close behind at 59%.

These are all reasonable and worthwhile fears that every business must attend to, as are data leaks, spyware and spam, all of which were well-represented on the survey's concerns list.

What's really scary about the survey finding isn't so much the threats, but how little some businesses are doing to protect themselves against them.

Less than 50% of the survey respondents, for instance, had implemented defenses against data-stealing malware, despite awareness of the size of the threat and availability of tools to protect against it.

More telling, and more scary, though, was the degree to which awareness of threats -- particularly data leakage -- was not reflected in small and midsized business's overall policies and the communication of those policies to employees.

Less than half of the businesses surveyed -- 44% -- have formal policies regarding data leakage.

Without those formal policies -- and the employee education that makes the effective -- all the concern in the world isn't going to do much good.

Tellingly, the companies that do have a data leakage policy in place, are also the companies likeliest to back that policy up with employee education.

The lesson -- and I use the word deliberately -- here is clear: Put policies in place to address threats and concerns.

And make sure that one core part of that policy is thorough and ongoing employee education.

The top security concern for small and midsized businesses that don't have policies in place should be to craft one, soon, and begin educating employees about it the instant it's ready.