Why Small Business Security Isn't a Small Matter
This article originally appeared on Sep. 20, 2016, and has been revised to bring our readers the most up-to-date technology information.
Cyberattacks are on the rise and have become increasingly sophisticated. The data breaches we hear the most about are those launched against enterprises, but this doesn’t mean smaller companies are immune. Cybersecurity is still the No. 1 concern for small businesses. In fact, small to medium businesses (SMBs) are especially attractive targets because they lack the resources to hire IT security specialists or purchase the latest security technologies to defend against sophisticated hackers. To keep pace with these ever-growing cyberthreats, changes need to be made to improve preparedness.
Defending against a security breach
Small companies that conduct a majority of their business online, as well as professional firms with high-stakes clients, can be victimized by opportunistic hackers. While a large enterprise is affected by a security breach, a smaller company will face a devastating loss to its client base, or even go out of business, when hit by a cyberattack.
With more refined threats emerging every day, data security solutions should be a high priority for any SMB. This includes learning about the various types of security threats and vulnerabilities, and adding multiple layers of protection such as a comprehensive disaster recovery strategy.
A common issue that many smaller businesses face is that they can’t afford an enterprise-level portfolio of security technologies. They also don’t have a full-time business cybersecurity executive or department.
“Outside of the same security threats and risks that all organizations must contemplate, SMBs definitely are further challenged by budget constraints, competing priorities and ensuring they have the most up-to-date knowledge to make the right decisions,” says Ami Kron, director of strategic alliance at Insight.
“In many cases, security concerns were not on the planning radar of most SMBs a few years ago. Now, the added challenges of server/OS [Operating System] refresh activities have created a significant budget burden that wasn’t well planned for,” Kron explains.
“Compromises are being made either to extend or delay OS and infrastructure upgrades, or take ‘short cuts’ on overhauling the security infrastructure. The SMB space doesn’t have the resources to best approach the security-buying journey, so that knowledge gap, along with all the competing priorities, can lead to poor buying decisions,” Kron adds.
According to Figure 1, as of March 2017, 17% of small businesses in the U.S. use antivirus software to defend against malware. Are you part of this statistic? Do you have security solutions such as firewalls, anti-malware software, spam filters or data encryption in place to protect your sensitive data?
An outside solution for small business cybersecurity
Before moving ahead with a cybersecurity strategy, you need to first gain an understanding of what types of threats are targeting your business and what weaknesses exist within your own infrastructure. This can be accomplished via a security assessment, which not only provides an excellent security baseline, but also helps you select the best service provider to protect your organization.
Hiring a managed security service provider to take on many of your organization’s security functions enables your business to better protect your assets at all levels while also having the time and resources to focus on business growth.
Testing to identify security weaknesses
Engaging in assessments helps close “the knowledge gap that can lead to money being thrown at the wrong problem,” Kron explains. “There are a number of vendors, resellers and independent security solutions providers that offer various assessment types.”
For instance, penetration testing will help your business identify vulnerabilities and/or weak points. “Similar offerings exist by different names, but they share the same focus, identifying risks. Assessments vary in pricing depending on the size of the environment being tested,” he advises. “Some rudimentary tests can even be found at no cost. If a business feels that they are at particular risk or bound by regulatory rules to protect any data or transactions they have stored anywhere, there will be a need to seek out an assessment offering that will specifically cover those areas of risk.”
In some cases, it may be best to obtain assessment services from an independent party that doesn’t sell the products, or from a reseller that offers broader security solutions that cover all aspects of your business.
Kron’s parting advice is, “There are great advantages for SMBs to engage IT-as-a-Service companies that can take ownership of protecting and securing IT infrastructure. The challenge is that a lot of business owners aren’t armed with the knowledge they need to vet the right providers.”