Quocirca Reports | Quocirca Articles | Key Analysts | Questions & Answers
Protecting the IT and data assets of SMBs
Small and mid-sized businesses (SMBs) are as reliant on IT as large enterprises, but have to manage their IT infrastructure with fewer people, who will often lack specialist skills. They need products that are easy to implement and manage but they can not be expected to invest time and money in extensive maintenance. SMBs' systems and processes will soon become outdated unless there is a high degree of automation. This report looks at the state of health of the use of IT by SMBs and considers how they can better protect their IT and data assets. SMB managers who read this report should be better armed to engage in discussions with their IT suppliers.
Key Findings

  • SMBs are as reliant on IT as enterprises and their use of IT is sophisticated.
    PC penetration is high. 70% of small businesses and 90% of mid-sized businesses are using servers and internal networks and only 3.5% are still not connected to the internet. Around 40% of mid-sized businesses are using advanced storage options.
  • But they have limited resources to deploy and manage their IT infrastructure.
    This leads to shortfalls in the way they protect their IT and data assets. One in three mid-sized businesses does not have an IT manager and the same is true of 90% of small businesses. Even when an IT manager is in place, it is often only part time.
  • This lack of resources means once systems are in place they do not receive regular scrutiny.
    50% of SMBs have not reviewed the security of their internet connection or checked their ability to recover from backup in the last 12 months. On desktop and laptop PCs, deployment of security software is inconsistent and backup procedures are patchy. They are more diligent about backing up servers.
  • Because of this PCs are a high risk area for SMBs.
    The most common IT malfunction experienced by SMBs is failure of PCs and the most common security threat they face is from viruses, most likely to arrive at an unprotected PC by email. Whilst Microsoft Windows is used across the board, it tends to be older releases and updating to the latest version is not practical for many.
  • SMBs are aware of the value of their data and the need to be able to retrieve it for future reference.
    90% have had to retrieve historic data at some point to satisfy auditors or some other regulatory requirement and 75% admitted to having had a problem recovering the required data on some occasions.
  • If SMBs' IT systems are not protected, system failure is likely to be painful.
    Whatever causes system failure, be it a security problem or some other malfunction or disaster, a poorly protected IT infrastructure is going to be harder to recover and in some cases recovery may not be possible. Either way it will be costly for the SMB, both through loss of productivity and data assets.
  • Mitigating the threats is not hard and the right products need little management once in place.
    There are a number of steps SMBs can take to mitigate these threats including the outsourcing of certain point solutions, automating desktop backup and installing security products that maintain themselves. This can all be done without needing to change the underlying infrastructure that has already been invested in - see the check list at the end of this report.