Small and mid-size businesses have become increasingly savvy about securing their computers, servers, and networks. At the same time, the hackers, crackers, and other criminal minds have become equally as confident that one Trojan or virus can make conducting business difficult, if not impossible.
Many small and mid-size businesses have developed a "sense of complacency" regarding security because large-scale viruses aren't the main threat anymore, says Adams Hils, small and mid-size business security analyst for Gartner, the Stamford, Conn. research firm. But he and other analysts warn that the danger is now worse because criminals are looking to steal data for financial gain -- not merely for mischief-making.
"They don't want to generate headines," Hils said. "They want to generate revenue." Furthermore, if your business retains customer data and you do business over the Internet, your business is a potential target.
Basic anti-virus tools aren't enough
Firewall misconfigurations, weak encryption and passwords, and lapsed software patchwork can lead to company or customer data theft for a business. Basic anti-virus software isn't enough to protect many small and mid-size businesses these days, and anti-spyware is becoming increasingly important. Malware from websites has grown 540 percent over the last two years, according to Gartner.
Security software maker Symantec, in its most recent Internet Security Threat Report, warned that in addition to other malware problems, phishing was a growing concern for businesses in 2007. Symantec said that servers for small business could be used as hosts for phishers because the companies are often short on IT staff and therefore could be at risk for lapsed security patches. That's why it's important for all businesses -- no matter what size -- to maintain tight security on all data and company information, analysts say.
"You're trying to increase the number of barriers between yourself and the bad guys," says Anil Miglani, senior vice president at AMI-Partners, a market research firm based in New York.
AMI-Partners estimates that security spending among small and mid-size North American companies will be $5.25 billion in 2007 -- up from $4.5 billion in 2006. It expects double-digit growth rates for security spending among North American small and mid-size businesses over the next five years.
New products offer solutions
It's no surprise, then, that vendors have new security products for small and mid-size businesses, which are prioritizing security upgrades but demand simplicity and affordability, according to Forrester Research.
Because of these factors, Microsoft is gaining ground in the security market, according to analysts. Microsoft's Forefront Client Security is one of the cheapest anti-virus and anti-spyware security solutions on the market, but it may be too basic for some businesses, analysts warn.
"For some smaller businesses that are not as exposed to Web threats and outside threats, it might be OK," Hils said.
Security heavyweights McAfee and Symantec offer "the most robust" solutions but are pricier, says Natalie Lambert, an analyst with Forrester Research. Symantec's Client Security and Anti-Virus products are developed for businesses of varying size, but like most vendors, it does not have a one-size-fits-all solution, Lambert said.
McAfee has specific products for small and mid-size businesses such as its Active VirusScan SMB Edition, as well as separate host intrusion products. The company provides management support which is crucial for companies with small IT staffs, Lambert said.
Bundled options best for small business
McAfee does not combine its anti-virus and anti-spyware solution. Gartner advises small and mid-size businesses to use vendors that bundle anti-spyware with their anti-virus products, such as Symantec, Trend Micro or Panda Software, or to negotiate with their current vendors for a competitive combined anti-virus and anti-spyware price.
A smaller competitor, eEye Digital Security's Blink product, has performed well in independent tests. It covers several security concerns by offering anti-virus, anti-spyware, anti-phishing and firewall protections, as well as intrusion preventions and detections.
Whether you need a basic or more sophisticated security product depends on the needs of your business. For example, if you do business on the Web or if you have several employees and want to tighten internal as well as external security.
It's important that you assess your own needs -- or have an assessment conducted for you -- before shopping for products, Miglani advises. And, he warns, don't think that your business is immune to threats, no matter how small it might be.
"The probably of these [attacks] happening can be low, but the potential damages can be high," Miglani says.