Disturbing fact: Businesses with poor data-protection practices are dangerously compromising their bottom line, according to a recent study conducted by data-encryption company PGP Corporation.

Fiaaz Walji, Canadian country manager at Websense, a San Diego based global IT security-consulting firm, explains why IT security must be a top priority for small-business owners. Walji debunks myths and, most importantly, gives tips for implementing an IT security program that protects data and confidential business information and prevents cyber break-ins.

Three reasons why IT security is critical for small businesses:

1. Every day, there are more cyber threats to businesses – new and more sophisticated methods of compromising networks are employed.
2. Ninety percent of unwanted e-mails contain a link to a spam or malicious Web site, according to Websense research.
3.  Small businesses that don’t have e-mail security with Web intelligence risk infection. Websense’s State of Internet Security Report, released in January 2009, found that organizations (big and small) are faced with a deluge of blended threats, which include links found in e-mails and those posted to legitimate websites used every day by business owners.

IT security myths debunked

Myth 1: Small businesses can’t afford a real security solution. 
 Truth: No business can afford not to have IT security protection. Eighty-two percent of data that was either lost or stolen in 2008 could have been avoided if the business had followed a simple cyber plan, according to The Symantec Threat Report, published by security-software company Symantec Corporation. “There are many affordable options, such as software-as-a-service security because it eliminates the need for hardware, maintenance and updates,” says Walji.

Myth 2: Small businesses don’t have the same security requirements as large companies. “The average small-business owner thinks it can get away with a simple firewall with no dynamic updating,” says Walji.
Truth: Malicious viruses are equal-opportunity offenders. They attack small companies just as readily as global conglomerates.

Myth 3: Business owners equate IT security with perimeter protection.
Truth: “IT security is much more than protecting the bad guys from getting into your network,” says Walji. “It’s about properly managing content inside the organization’s network and determining which employees should have rights to exclusive, confidential information.”

How to protect business from cyber thieves: IT security tips

Walji advises business owners to take the following IT security  implementation precautions.
• Newest top-rated antivirus software. The single biggest threat to small-business networks is viruses, says Walji. “All computers should have some kind of anti-virus software installed,” he says. Walji prefers Norton and McAfee. But whatever program is used, make sure the software is updated on a regular basis.
• State-of-the-art firewalls. Most small businesses have DSL or cable for Internet access, says Walji. “All of these connections have a small firewall, like a D-Link or Linksys brand appliance. They are better than nothing, but they’re not the most robust firewalls in the world, and in many cases will not provide adequate protection.” Small businesses would be better served, advises Walji, with a higher-grade firewall, preferably an application-layer firewall. Even better is a Unified Threat Management appliance, because it offers multiple edge-of-network security features like network-based antivirus, intrusion prevention, and anti-spam.
• OS patching. Businesses running Microsoft Windows XP and Microsoft Office may be vulnerable, cautions Walji. Microsoft’s operating systems are a popular target for hackers. “Historically, they’ve had many vulnerabilities,” says the IT security expert. Microsoft security software will work if the business is diligent about keeping products up to date with the latest patches.

Final word: Consider hosted software solutions. Small companies can save a great deal because nothing (hardware, bandwidth, and storage) is maintained or deployed on-site. Advantages include elimination of the risks and uncertainty that  are part and parcel of managing an in-house security solution; and predictable service costs (no surprise maintenance fees or upgrade requirements).

For more information about Websense, visit its Web site at www.websense.com.