Many small business IT managers are concerned about employees' lax attitude to online security and the business threat this poses, a new study shows.A quarter of those surveyed in the Websense-commissioned poll blamed their staff for not doing enough to guard themselves against online risks.However, 16 per cent of the European SME IT bosses surveyed admitted to not having any sort of internet policy to educate staff about appropriate behaviour, while a further 23 per cent said their usage policies were only a verbal agreement."We urge all small to medium size businesses to make IT security a business-critical issue," said Mark Murtagh, technical director of Websense, reports PC Pro. "Leaving their employees to make security decisions based on what they feel is right is not only putting company confidential data at risk, but also adding strain to the IT department."Internet use policies need to be automated to ensure that hidden dangers are found and protected against," he added.The study also found a discrepancy between the 30 minutes workers claim they spend online not working each day and the 48 minutes that IT managers believe is actually the case.© Adfero Ltd