Small companies face hacker threat

Half of all small to medium-sized businesses that manage their own security will have been hit by an internet-based attack by 2003, industry analyst Gartner has warned.

Worse still, more than 60 per cent of those smaller businesses which fall victim to attacks such as website defacement or the spread of viruses will be unaware of the problem.

According to Gartner, the issue exists because small to medium-sized enterprises (SMEs) are ill prepared to identify and respond to internet attacks. The researcher recommends that they develop security measures as a matter of urgency.

Gartner said the research should act as a wake-up call for a class of company that has neglected internet security concerns. Its research paints a picture of firms using inexperienced employees to manage key services and using regional ISPs that provide unknown levels of security.

Matt Tomlinson, business development director at security firm MIS Corporate Defence, agreed with the findings of the study.

"In the SME environment, security tends to be fairly lax. One of the main reasons for this is that systems departments in small firms have become stretched as IT becomes more important to their business," he said.

According to Tomlinson, the issue is important because smaller companies, which may feel that they cannot afford security, are more likely to go out of business following a hacker attack. He added that larger companies can be left vulnerable to security loopholes left open by their partners, such as accountants, ISPs or website hosting firms, whose security can sometimes be "flaky".

To reduce their vulnerability to attack, Gartner recommends that smaller companies invest in a security audit and risk assessment at least once a year. Antivirus protection is a must.

Smaller firms should consider managed firewall and intrusion detection services or else use simpler appliance-type devices, and secure remote access with strong authentication.