Independent research commissioned by Websense, Inc. has revealed that a quarter of IT managers within small and medium sized businesses (SMBs) throughout Europe believe that employees are ultimately responsible for IT security breaches.
The survey of a total of 750 IT managers and employees in SMBs across five European countries was carried out by Dynamic Markets.
The SMB State of Security (SOS) survey revealed that European employees are spending an average of just under two hours a day on the Internet - with over half an hour browsing non work-related sites. Yet, IT Managers believe that employees are spending an average of 48 minutes a day surfing non-work websites - equivalent to 4 hours a week.
Although employees acknowledge that they spend an average of two and a half hours a week freely surfing the Web for pleasure, less than half (47%) of European IT Managers surveyed use Web filtering software to protect their employees from hidden and invisible Web-based threats.
Furthermore, almost a third (31%) of employees surveyed said they could not live without being able to access Websites at work known for being high security risks, such as peer-to-peer (25%) and free software download sites (17%).
Twenty-three percent of SMBs have Internet use policies in place but do not require an employee to officially sign the policy. A further 16% admitted to not having a usage policy at all, saying that trust in their employees was adequate in order to prevent abuse.
Yet nearly a third of IT managers (32%) rated 'employee behaviour' as the leading cause of job frustration when it comes to implementing and maintaining IT security, with 'IT security not being high enough up the corporate agenda' as the second highest at 27% and 'budget constraints' coming in third place at 21%.
Nearly a fifth of IT managers (17%) believed that SMBs should have less protection in place than large organisations because they are exposed to lower levels of risk. A further 7% believed that less protection was inevitable due to smaller budgets at SMBs compared to large companies.
A significant majority, 71%, felt all companies should have equal levels of protection, irrespective of their size. With user error being the most predominant cause of Web-based security breaches, lack of company-wide understanding around IT security has left SMBs wide open to Internet security threats.
The survey also reveals the majority of SMB employees are placing a false sense of security in their IT department, with two-thirds (66%) entrusting blind faith in their company to protect them from every Internet security threat. For example, only 31% of employees who have used their personal credit card at work have questioned their IT department about whether their PC was protected against identity theft.
"We urge all small to medium size businesses to make IT security a business-critical issue. Leaving their employees to make security decisions based on what they feel is right is not only putting company confidential data at risk, but also adding strain to the IT department," said Mark Murtagh, Technical Director, Websense. "Internet use policies need to be automated to ensure that hidden dangers are found and protected against."