The survey, titled HP Australia IT Security Study, covered 528 SMBs with between 10 and 99 employees across the services, production, retail and hospitality, health and education, and distribution industries.
- almost half of all Australian SMBs with an annual turnover of more than $3 million do not consider themselves to be prepared for the mandatory data breach disclosure laws that will come into operation from 22 February;
- only 18% have a compliance policy in place while 33% are developing a policy;
- fifty-seven percent of SMBs have not done any sort of IT security risk assessment in the last 12 months;
- of the 43% of SMBs that have undertaken a risk assessment, 29% included printers in their analysis, a device that is increasingly an entry point for data breaches;
- sixty-three percent said their employees worked remotely on a regular basis, and as a result were becoming increasingly concerned about associated security risks;
- sixty-three percent allowed employees to access company data from personal devices;
- less than half (44%) of respondents have a security policy in place for employees that bring a personal device to work; and
- only 37% restricted the data that could be accessed from the device.
“The consequences of a data breach can be severe; from financial to brand and reputation damage,” said Paul Gracey, director, Printing Systems, HP South Pacific.
“Endpoint security — at the device level — is critical to that mix. Organisations tend to rely solely on third-party software security to protect their devices when, in reality, stronger and better business security must be integrated into the device itself.
"With hackers able to bypass traditional network perimeter security and anti-virus programs, it’s time we scrutinise a hardware’s security as closely, if not more, than our external security solutions.”
One aspect of security that was not looked at much was the threat from accessories like printers; while 43% of SMBs had done a security analysis, only 29% had taken printers into account.
“Security threats are evolving every day. Due to reduced effectiveness of firewall protection, every device on an organisation’s network is at risk, and unfortunately printing and imaging devices are often overlooked and left exposed,” said Gracey.