Top Barriers to IT Security for SMBs

Top Barriers to IT Security for SMBs
Small and medium-sized businesses (SMBs) continue to play a foundational role to the economic success of many communities, cities, and states,and they have had quite a year. 2020, as it stands, has had SMBs in a variety of industries, pivot from in-person transactions to primarily online customer interactions. This massive shift has not only challenged the way business is conducted, but has also set the stage for SMBs to increasingly be the target of cyber attacks.

Through these transitions, many other barriers that prevent SMBs from having a robust network security solution in place, have not changed. Nearly 40% of SMBs still budget less than $1,000 to network security systems and solutions, and in addition to these small budgets, 72% continue to disperse IT responsibilities across other internal roles. These two barriers alone would make combating network security an uphill battle. This year, however, a third barrier emerged – rogue employees, or, employees who do not follow IT security guidelines.

Breaking Down the Top Barriers

Drilling down into the needs of SMBs, understanding these top three roadblocks in detail can help any network administrator or IT Professional provide a more enhanced network security solution.

  • Budget Limitations – In Spiceworks’ State of IT Report 2020, most businesses anticipated top line revenue increases in 2020. With this increase in revenue, many of the operational budgets were set to increase. The report states, for example, that while IT budgets may be increasing, only a small portion of this budget is allocated to security appliances (6%) or the network (7%). The remainder of this budget is dedicated to laptops, desktops, servers, tablets and mobile devices, and telephones. Understanding that IT budgets are more than just network security is critical in helping SMBs find a security solution within their price point.
  • Personnel – This year, internal personnel is packing a one-two punch for SMBs. The 2020 SMB IT Security Report continues to find that SMBs are spreading IT responsibilities across multiple roles internally. This is usually the case when an SMB does not have a dedicated network administrator. They are using the most technology savvy person to ensure their website is properly functioning, someone in HR who manages onboarding and account access, and a third person who is responsible for tracking and tracing all business-related hardware devices. Spreading these duties across multiple roles opens the organization up to major vulnerabilities and backlogs. Many times software patches can lapse, hardware may be outdated and unable to effectively support software applications, or employee access can remain long after they have left the company. Spreading these duties across multiple roles can appear to be easing the strain on an SMB, but it is really creating gaping vulnerabilities for cyber criminals to exploit.

According to the Untangle 2020 SMB IT Report, 24% of SMBs identify rogue employees, or employees who ignore or do not actively follow IT security guidelines, as one of their top three barriers to successful IT security. Employees, especially as many who have traditionally been in office settings are now adjusting to working from home, should be viewed as the first line of defense for any SMB. Continuous training about common cyber criminal tactics, such as Phishing emails and malicious links, along with preventive tactics, like strong password hygiene are more important than ever before.

What Can SMBs Do?

As SMBs look for solutions to these pain points, there are a few easy tools they can implement within their current systems to protect their network.

  • Create an ongoing Employee Training program – employees should be continuously trained on how to spot phishing emails, notice suspicious network activity, and the proper protocol for reporting these events. Business Leaders should make a concerted effort to continuously communicate with employees when a large scale data breach is reported in the news. They should outline details about the data breach, steps they can take individually and steps the business can take as a whole to prevent similar attacks happening to them. Encouraging employees to implement two-factor authentication and use strong passwords, or, as they are working from home, connect to the corporate network via VPN. Each of these activities can be done with limited resources or minimal financial impact to the organization.
  • Segment Network Access – If IT responsibilities are going to remain spread across numerous roles, any lead network administrator should create access parameters for employees based on their department, working hours, or other criteria. This segmentation, for example, would prevent someone working the front desk or reception area, to have open access to business financial data. Segmenting the network creates a multi-layered security system, and, in the unfortunate event that a breach occurs, cyber criminals can only access a portion of the network.
  • Deploy a Next-Generation Firewall – Using the advanced filtering capabilities of a next generation firewall can solve many problems SMBs are currently facing. With next-generation firewalls, the depth of the technology, along with the ability to gain additional visibility into the network as a whole expands how network administrators are able to protect business-critical information. Advanced virus blockers, SSL inspection, and intrusion prevention, are all tools that can be used to detect suspicious activity and stop an attempted cyber attack.


SMBs will continue to do more with less as they move forward to complete this year and look toward 2021. To overcome their continued barriers to complete IT security, SMBs can begin implementing these foundational and low-cost policies and tools today. Cyber criminals will remain a constant threat to SMBs, but taking the steps to streamline, organize, and address current vulnerabilities can aid in stopping attacks before they even happen.

To download the full Untangle SMB IT Security Report click here.