While the majority of SMEs remain focused on the more traditional threats to IT security, such as email and web viruses, they are becoming aware of new ways in which their organisational security can be compromised, including theft of information and social engineering.