Coping strategies

What measures can small and medium businesses take to stay in a healthy state?

Small and medium-sized businesses (SMBs) are exposing themselves to too much risk by failing to protect their IT infrastructure. In most cases they do not have the bandwidth to deal with this risk, and they should welcome help to deal with it from resellers.

A recent Quocirca report shows that for SMBs of all sizes PC penetration rates are high. Only about three per cent remain unconnected to the internet.

Ninety per cent of medium-sized businesses (with 50 to 300 employees) have servers and internal networks and this figure falls only to 70 per cent for small businesses (less than 50 employees). A total of 40 per cent of medium-sized businesses are using advanced network-based storage options.

SMBs are not luddites.

But their infrastructure is at risk because SMBs lack the time and resources to take care of the detail. They do the basics, such as backing up servers and securing web connections. But they are failing to protect one of the most important parts of their infrastructure: their employees' PCs.

Be they desktop or notebook devices, these are the most common point of failure and represent a major risk. Less than 50 per cent of SMBs in the survey were certain they had a backup routine for PCs. If they did, for most it was carried out only once a week or less. About 50 per cent of the total were not even sure if they had basic PC security installed.

Few had automated patch management software, leaving servers and PCs exposed to the viruses that get propagated by the bad guys as soon as vendors admit to software vulnerablities when they release patches.

A closer look at the deployment of software explains some of the problems SMBs face in protecting their systems. Windows is pervasive on the desktop and the most widely used server operating system, but most SMBs are using old versions.

For many, this use of old software is neither something they can or want to change. The attitude of 'If it ain't broke don't fix it' pervades. Many are reluctant to make changes to working systems just because a vendor wants them to. These changes can be disruptive and expensive.

It is not just the cost of the software upgrades themselves. Upgrading PCs to Windows XP often requires additional memory to be installed or new hardware all together. This does not mean all SMBs are strapped for cash, just that their systems work and they have better things to spend their money on.

But cost and inconvenience are only part of the story. The biggest barrier to cross, in order to get SMBs to better protect their IT and data assets, is their lack of resources. One in three medium-sized businesses and 90 per cent of small businesses do not have an IT manager. Even when they do it is often only a part-time job.

So what advice can VARs give to SMBs to help them prevent system failure and the consequent disruption to their businesses? There are some basic steps that do not require infrastructure change or system software upgrades and, once these steps have been taken, little day-to-day maintenance is required.

Basic security software can be installed on all PCs and set to update itself. This will help prevent operational failure of PCs. But hardware malfunctions will still occur sometimes, and of course, computer equipment is often the target of thieves, especially when it is being carried around.

So PCs need to be backed up on a far more regular basis than is currently the case.

Again, this is not hard. PC backup routines can be automated, scheduled to run at quiet times and even from remote locations over the web. Good backup software will only look for changes, so this means moving huge volumes of data around.

PC backups can be aggregated on a central server or networked storage device if a server is not available. The regular backups of central storage will then include all data stored on PCs as well.

There are other steps that SMBs could take. None of them are particularly disruptive or expensive. Quocirca's report, Protecting the IT and Data Assets, is free to CRN and VNU readers here.. It includes a checklist.

Resellers should consider offering SMBs a health-check. Those that are receptive might save themselves serious cost and inconvenience in the long term.

To see the illustrations associated with this report please click here.

CONTACTS

Bob Tarzey is service director at Quocirca.

Quocirca (01753) 855 794
www.quocirca.com