Dashboard: November 2007
Survey Finds False Sense of Security at SMBs
A recent study suggests that small to medium-size businesses are not as safe from Internet security threats as their employees think they are.
While 68 percent of IT managers and employees at SMBs indicated that their companies were either “100 percent protected” or “very well protected” from Internet threats, actual security measures in place fall far short of that perception, according to an independent survey commissioned by Websense. Data in the study came from interviews of 450 employees (225 of them IT managers) at companies with 100 to 1,000 employees.
Despite those high levels of confidence, fewer than half the companies (46 percent) whose employees were surveyed had software in place to protect company confidential data; just 53 percent had software to block spyware from sending information out of the organization; and only 45 percent of companies were using Internet content blocking tools. And those were the commonly taken security steps.
According to the survey, just 19 percent of the IT managers said their companies blocked peer-to-peer applications and only 20 percent blocked the use of USB memory devices and iPods in the workplace.
The average time that employees have continued to use their work computers without security updates was more than 21 days, while 11 percent said their computers had never been updated.
The overwhelming majority of IT managers (94 percent) said that their company had an Internet usage policy in place, but 12 percent said they had no way of enforcing the policy and just 45 percent of companies with usage policies backed them up with Internet content blocking software.
According to a recent BizTech poll, almost 70% of businesses do not restrict the use of USB flash drives in their organizations.
Do you restrict the usage of USB flash drives in your organization?
- 4% We do not allow USB flash drives at all
- 27% We limit usage to certain employees/situations
- 69% No, there are no restrictions
Fight Phishing With Phil
For the gullible folks who still take the bait from phishing e-mail that make it through the company spam filter, an animated fish named Phil would like to help. Phil is the star of an interactive online game developed at Carnegie Mellon University in Pittsburgh to teach people how to recognize and avoid phishing and other e-mail scams.
In preliminary tests, subjects who spent 15 minutes playing the “Anti-Phishing Phil” game became more adept at identifying fraudulent e-mail and suspicious URLs than those who spent the same amount of time reading tutorials or other educational materials on the subject.
In September, the scientists at the CMU Usable Privacy and Security Laboratory invited the public to dip into Phil’s pool of information by visiting the game online (cups.cs.cmu.edu/antiphishing_phil). Participants were asked to take a short quiz before and after playing the game to see if their scores improve. Early trials showed that scores jumped from 69 percent correct before playing in Phil’s school to 87 percent afterward.
CRM Rises Again, Especially in SMBs
Midmarket companies are going to spend almost 22 percent more on customer relationship management software in 2008, according to a report issued by AMR Research in September. Those companies are going to lead the way in a 16 percent CRM spending spree for organizations of all sizes, the report says.
The increase is driven in part by interest in customer management software delivered as a service, which is also responsible for a dramatic increase in upgrade rates (65 percent of companies upgrade their existing CRM software annually), according to AMR Research.
The analyst firm did raise some red flags about CRM, which was a hot technology category in the late 1990s but cooled largely because of problems companies experienced in deploying the systems. According to the report, 29 percent of companies surveyed experienced CRM implementation failures that prevented them from bringing the system online. Once the systems were up and running, between 33 and 47 percent of individual applications were facing user adoption issues. The report indicates that 25 percent of all CRM licenses go undeployed.
The report is based on a survey of 190 IT and line-of-business decision-makers.
According to a recent BizTech poll, almost one-third of businesses are or are considering centralizing and virtualizing their desktop applications. Does your company utilize virtualization for desktop applications?
- 68% No
- 16% Yes
- 15% No, but we’re considering it
- 1% Don’t know
Remote Backup Remains a Gap in Data Protection
Few companies of any size would deny that the data used, generated and modified at remote offices is critical to their businesses. If that data is lost, corrupted or unavailable for any length of time, the consequences can be dire, yet remote backup is a weak link in many companies’ data protection strategies, according to a study by Aberdeen Group released in September.
In an effort to evaluate remote backup practices, the analyst firm surveyed 211 companies, with 76 percent of respondents from small or mid-size companies.
There was a significant difference in the performance of the top 20 percent of companies — the “Best in Class” as calculated by Aberdeen Group — and the rest of the pack. Figures for all companies surveyed indicated they were successful in recovering more than 90 percent of remote data just 38 percent of the time on average, while the top 20 percent were 100 percent successful to that level. Fewer than a third, 32 percent, of all companies have applied service-level agreements to their remote backup, as opposed to 83 percent of the Best in Class. On average, all the companies surveyed backed up just 51 percent of their remote data, as opposed to 82 percent for the Best in Class.
As a group, the companies with the best remote backup strategies tended to use central IT resources or third-party services for backup, tested remote data recovery regularly, and stored the remote office backup data in a secure offsite location, according to the survey.
Double the Memory, Double the Cell Phone Fun
Researchers have found software technology to ease the squeeze on sleek cell phone hardware, as user demand rises for more memory-eating features such as cameras, games, video players, Internet access and Global Positioning System applications.
Engineers at Northwestern University in Evanston, Ill., and NEC Laboratories America in Princeton, N.J., can double the memory of embedded systems, including those in cell phones, by altering the devices’ operating system software. The increase in memory is achieved without changing the hardware, the applications running on the device or the amount of power it consumes, according to Robert Dick, assistant professor of electrical engineering and computer science at Northwestern.
The new approach, called CRAMES (compressed RAM for embedded systems), integrates compression technology directly into the OS, which then compresses selected portions of the memory. When an application needs data, the OS transparently uncompresses it while the application continues to run. The researchers are currently working on improved compression algorithms.
NEC is already using CRAMES technology based on a pre-existing compression algorithm in a new smartphone, the FOMA 904i, available in Europe and Japan.
