S'pore SMBs step up data protection

SINGAPORE--The rosier economy not only improved sales for small and midsize businesses (SMBs) in Singapore, it also led to a fundamental change in awareness for data protection.

According to a Symantec survey released Wednesday, the poll also showed that 73 percent of SMBs here were focused on enhancing data backup, recovery and archiving initiatives, and 84 percent considered loss of critical business information a major concern. Conducted in May, the survey polled 100 SMBs with staff headcount ranging from 10 to 499.

Some 64 percent of respondents said they had suffered revenue losses due to data loss, while 54 percent reported negative impact on their brand and 48 percent saw a dip in customer satisfaction.

"Last year, a Symantec survey found that security awareness levels were lower and many SMBs did not have even a basic antivirus solution in place," said Symantec's Singapore country manager, Tan Yuh Woei. "The 2010 findings highlight a progressive trend toward SMBs adopting a more comprehensive information protection strategy."

In an interview with ZDNet Asia, Tan pointed to the improved economic landscape leading to more competition for talent as one of the reasons organizations are increasingly concerned about data loss. He explained that with rampant hiring across many sectors, businesses are now looking at how to safeguard critical information.

"Why do I hire you to join my company? It's because I know you know something about the industry specific to my competition. With that, a lot of confidential information leakage occurs through loss of talent and manpower," he added.

Tan cited an increase in incidents where construction firms, for example, were known to hire people with access to data such as material cost, and use the information to outbid competitors.

He also credited Singapore's Infocomm Development Authority (IDA) for initiating IT security seminars and roadshows, as well as the constant media reports of data leaks that helped SMBs gain awareness in data protection.

"SMBs today are progressively more aware of the risks, where information is residing, how information is coming in and leaving. Therefore, it is important to protect critical data, and data leakage can mean a loss of reputation and revenue. Hence companies are very aware of the repercussions," he said.

The Symantec survey indicated that Singapore SMBs on average spent about US$10,000 acquiring IT security tools, namely in computer security, system backup and data recovery preparedness. The security vendor explained that while this figure is slightly lower than the Asia Pacific's average of US$12,900, it showed that Singapore companies are taking an interest in data loss protection, which was not the case a year ago. Then, due to the economic downturn, most companies were focused on ensuring returns on investment as resources were limited.

"This year, companies are upbeat due to the better economy, hence, they are more inclined to invest in protecting their IT infrastructure," Tan pointed out.

In a similar survey conducted last year, 50 percent of Singapore SMBs pledged to increase spending on IT security and storage. And while 60 percent were worried about handheld devices containing company data, only 32 percent implemented endpoint data protection solutions.

The 2010 survey also revealed that an increasing number of local SMBs, 73 percent, were adopting backup and recovery tools as well as new technology such as deduplication, which 53 percent of them had already installed or were in the process of installation.

The proliferation of mobile devices and social networking platforms was another area of concern for these companies.

Survey findings pointed to data backup and recovery as one of the key areas of improvement, with 46 percent of respondents backing up their data on a daily basis and 66 percent having initiated discussions and implementations for data deduplication.

Cyber attacks were also highlighted as a constant threat, with 54 percent of local SMBs experiencing some attacks, 16 percent facing them on a regular basis and 30 percent seeing a rise in such threats.

Tan noted that the threats enterprises face today are somewhat different, with the focus shifting to the endpoints. He pointed to implementing mass automation to update computer terminals with the latest security patches and ensuring user compliance to regularly change passwords as some effective means of preventing data loss.

Increased spending in region, too
Survey findings for Asia-Pacific SMBs also reflected a trend similar to that of Singapore's, according to Symantec.

Most respondents in the region had stepped up measures on safeguarding critical information, Tan said, showing a marked improvement from 15 month ago when most lacked even basic safeguards and were more concerned in generating revenue, rather than dealing with data loss protection.

Excluding Singapore, the survey tracked 900 SMBs across the region including Malaysia and Indonesia. Amongst them, 58 percent experienced data loss last year which led to lost productivity, revenue and downtime, with the cost of cyber attacks on average costing US$152,226 per SMB.

To better cope with potential data loss, Symantec recommends that companies educate employees on Internet threats and develop security guidelines, implement a complete protection suite to safeguard proprietary data, as well as set up a comprehensive data backup and recovery system to keep IT infrastructure working in the event of a disruption. Installing an e-mail and Web security application is also key to keeping out spammers and phishers, the vendor said.