Untangle’s 2019 SMB IT Security Report, released on Tuesday, found that a gap exists between prioritizing and implementing IT security in small and medium sized businesses (SMBs). The track record of SMB IT security is not strong, with SMBs failing to practice cybersecurity prevention strategies in the past, and not much has changed, according to the report.

The report surveyed more than 300 SMBs to determine the current state of IT security in their organizations. While 80% of SMBs ranked IT security as a top business priority, nearly 30% spend less than $1,000 on the effort annually.

SEE: Tech budgets 2020: A CXO’s guide (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

More than half (52%) of SMBs said they distribute IT security responsibilities across other roles, rather than designating a specific department or job position to cybersecurity.

Some 74% of SMBs host at least a portion of their IT infrastructure in the cloud, which helps improve networking fabric resources, processes, and storage, the report said. However, 63% of survey respondents said that their business does not execute a firewall on their public cloud, creating a massive threat vector.

As SMBs expand, particularly through branch offices and remote workers, cybersecurity risks follow suit, the report said.

As one of the most underrated security risks for small businesses, remote employees pose a major threat. One way SMBs can protect those connections is through a software-defined WAN solution, according to the report, which helps to optimize internet connections and forge a global office network.

Currently, 40% of SMBs have at least five employee locations, but only 24% of respondents said they have already or plan on deploying an SD-WAN solution into their network infrastructure.

SEE: Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)

“Cyberattacks on SMBs will continue, but SMBs can take the steps to proactively secure their network today and prevent these attacks from causing large-scale havoc on their business,” said Heather Paunet, vice president of project management at Untangle.

How to stay protected

Paunet outlined the following four best practices SMBs should use to remain protected:

  • Choose a Unified Threat Management solution to provide protection at the gateway, blocking malware, spyware, phishing, and hackers before they reach the network.
  • Insist on VPN connectivity for remote and branch offices, extending the network security policies already in place at the headquarter location.
  • [Administer] consistent employee training to increase cyber threat awareness [among] employees to [help them] identify suspicious emails, attachments, and other malicious communications that may infect the network.
  • Establishing and defining User Access policies will allow businesses to manage network privileges based on group, department, or protocol—securing only those with authorized permissions have access to business-critical information.

For more, check out How SMBs can better protect sensitive data against cyberattacks on TechRepublic.

Also see

Image: iStockphoto/juststock