Fewer than half New Zealand's small and medium-sized businesses have documented procedures for recovering from an IT disaster, despite almost a third expecting to suffer from a technology meltdown over the next year.
The figures come from a survey by the Employers and Manufacturers' Association, IT services company Maclean Computing and security company Symantec.
It found that 49 per cent of companies had no documented processes for how to recover from an IT outage.
This was despite more than 60 per cent of those surveyed saying they had experienced an IT outage in the past 12 months and 32 per cent expecting such a failure over the next year.
The survey polled more than 200 IT managers at businesses with fewer than 500 staff. It found that power cuts, equipment failure and human error were a greater risk to company technology and the data it is supposed to protect than attacks from hackers and cyber criminals.
Sixty-two per cent of businesses said they had suffered a power cut over the past year, while 37 per cent said their computer system had failed over the same period. Forty-eight per cent were expecting a power failure over the next 12 months, but only 23 per cent were confident their company's information would be protected if or when the lights went out.
Symantec director Steve Martin said the survey showed local businesses were protecting themselves against malicious attacks. Ninety per cent had upgraded their security software in the past year and 74 per cent said they had password protection on all their company's computers.
Fourteen per cent of those surveyed had experienced a virus or hacking attack in the past year.
Martin said that while businesses were doing what they could to protect themselves against cyber threats, "the survey also shows that businesses aren't taking basic precautions against the most obvious risks often caused by human error and poor IT policies".
Twenty-two per cent of businesses said they had lost a laptop or smartphone but 36 per cent said they rarely or never backed up information stored on company laptops.
Twenty-nine per cent said they had been the victims of staff accidentally deleting information while 19 per cent had experienced staff accidentally emailing company information to the wrong recipient. Despite this only 10 per cent said they were encrypting confidential information in emails.
The Employers & Manufacturers' Association's employment services manager, David Lowe, said employers needed to do a better job educating staff on IT threats and how to avoid them.
"Businesses put themselves at significant risk if they don't ensure their IT policies keep abreast with the latest threats and continuously provide staff with the training they need to protect their critical business information."
The survey found 35 per cent of businesses expect to increase their IT budgets over the next 12 months while 56 per cent expect to spend the same as last year on technology.
AVOIDING DISASTER
* Develop an information protection plan that defines the procedures, guidelines and practices for securing and managing company information. Include detailed backup and recovery procedures.
* Educate staff to avoid clicking on suspicious links in email, instant messages or on social networking sites.
* Use hard-to-guess passwords that have at least eight characters and combine letters, numbers and special characters.
* Combine security, backup and recovery software.
- Source: Symantec
Businesses at risk from slack IT policies
AdvertisementAdvertise with NZME.