Employees blamed for SME security breaches

IT managers in small and medium-sized businesses blame their fellow workers for online security breaches — despite the fact many SMEs still don't enforce web-usage policies.

More than a quarter of European SME IT managers said they believe company employees are responsible for security problems, according to research commissioned by security software company Websense.

The most frustrating problem for IT managers is employee behaviour (cited by nearly a third of managers), followed by security not being high enough on the corporate agenda and then budget constraints.

The survey found nearly a third of employees said they need to access sites known to present a high security risk, such as peer-to-peer services and free software-download sites.

The extent to which workers use the web is highlighted by the finding that European employees spend an average of around two hours per day online at work, with around half-an-hour of that spent browsing non-work-related sites.

But suspicious IT managers believe the time spent on non-work-related sites is closer to 48 minutes — or the equivalent of four hours per week.

The survey also reveals that 23 percent of SMEs have web-security policies but don't require employees to sign up to them. Another 16 percent have no web-usage policy at all, preferring to trust employees to not put them at risk.

The SMB State of Security survey covered 375 IT managers and 375 employees from companies of between 100 and 250 users in France, Germany, Italy, the Netherlands and the UK.