Smaller organizations are rarely secured to the same degree as large enterprises. They often lack budget for complex infrastructure and administrative protocols. For logical reasons, they tend to favor IT generalists over security specialists, creating a skills gap in security solution planning and implementation, and a bandwidth gap in management and monitoring. For productivity and cultural reasons, they often have liberal policies for mobility, use of in-office WiFi, installation of unauthorized applications, use of unapproved mobile devices and online services — "technology populism" that brings with it a host of potential vulnerabilities. Many smaller businesses are hard-pressed even to keep up with endpoint, server and asset software patches, so may leave common vulnerabilities in place for exploitation over long periods of time.