Beware the human factor in SMB security

Summary: New research from Ponemon Institute and Trend Micro suggests that close to 80 percent of data breaches are related to risky employee actions.

Close to 80 percent of all security breaches are related to human behavior -- either honest mistakes or premeditated actions. That's according to a study released last week by Ponemon Institute and sponsored by security technology company Trend Micro.

What's more, it turns out that small and midsize businesses are slightly more likely than enterprises to suffer security breaches related to the failings of human behavior, the data show. Approximately 81 percent of SMBs reported that human "mishandling" was to blame for a breach, compared with 78 percent of enterprises. (The differences will become even more apparent later on in this post.)

Overall, there were 709 IT professionals surveyed for the research.

Across the board, SMB employees were more likely to do things that were deemed "risky" in the eyes of security professionals. Here are some examples:

  • 58 percent of them clicked on Web links in spam (versus 39 percent of enterprise respondents)
  • 77 percent have left their computer unattended (versus 62 percent)
  • 55 percent of SMB employees have used off-limits Web sites (versus 43 percent)

Smaller companies were also less likely to feel secure with the safety measures in place in case of a human failing. For example, 62 percent of the respondents from smaller companies believe their information isn't safe if someone goofs or there is a network breach.

That's a pretty darn high percentage, don't you think?

Among all companies, here are the top three reasons for breaches, as reported by the survey respondents:

  1. Loss of a laptop or mobile device
  2. Third-party mishap (such as when a service provider handling your data accidentally exposes it)
  3. System glitches

Stepping back, the data offers more evidence that companies, especially smaller companies, should spend more time developing an explicit policy around data security rather than just throwing technology at the problem. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement:

"We saw that most surveyed believe their companies are not doing enough to ensure a more effective security infrastructure against hackers and targeted attacks. Combined with a data-centric technology, education and awareness among employees are essential."

Knowing what you are up against goes a long way toward protecting against it. As more SMB employees go mobile -- and the chances of data loss rise correspondingly -- smaller companies could stand to spend more time worrying about who should have access and under what circumstances. Don't just make it an IT policy, make it a corporate policy.



Heather Clancy is an award-winning business journalist specializing in transformative technology and innovation. Her articles have appeared in Entrepreneur, Fortune Small Business, The International Herald Tribune and The New York Times. In a past corporate life, Heather was editor of Computer Reseller News. She started her journalism lif...
