No anti-virus, anti-malware, or firewall software. This normally translates into loss productivity when workstations are taken out by these malware. Spam is also another items that can be added here as people spend more and more time filtering spam than reading valid email.
No investment for PC upgrades. This also translates into loss productivity. As workstations fail, companies spend more and more time fixing them. This is why desktop support is rarely a problem when companies start-out. But, it becomes a major problem when companies grow.
No Perimeter Protection. It is typically difficult to invest in workstations protection for all the workstations. One of the most basic things a company can do is enable firewalling in their DSL routers.
No Use Education on Information Security. This is the single most important aspect of information security. As a greater number of exploits are targeted to people and not machines.

There are many more cases of SME-technology-hits-me-in-the-head problems. It would definitely help if students were aware of these even before they hit the streets and the halls of Makati.

it would be good if schools could integrate security courses and topics into the curriculum of computer science, information systems and management -related courses to raise the awareness regarding information security. too many students are coming out of college knowing a lot on what and how to setup businesses and information systems, but little on why and how to protect them.

yes, they might know that they have to protect their intellectual property, but framing “virtual assets” with a “brick-and-mortar” business perspective usually limits the security measures down to patents and security guards. crude and effective, but insufficient. information security as a part of TCO rarely comes to mind. in addition to that, most startups skip information security to cut down on costs. as they grow bigger, these companies then play an expensive game of information security catch up.