Why small businesses should take security seriously

By Rook Security. Published in SECOPS, Sep 22, 2015.

Just because you are a small business compared to Target, Walmart or Best Buy does not mean that you do not need to worry about your IT security. In fact, you should probably worry more, because you are an easier target with less money, manpower, technology and protection in your security program compared to the large companies.

Small companies can be easy targets, but they can also play a huge part in compromising bigger companies. The attackers may not be coming after your goods, but they could easily be targeting a large client of yours. Which is worse? Losing your data or losing your largest customer and the trust of others?

The greatest data risk for small business owners most likely involves malware attacks. Most small businesses do not host their own web or email servers on location, so sometimes the point of attack can come via social engineering. These are obviously issues in the enterprise as well, but they can be devastating to a small company that lacks a true security or IT team. Employees are busy growing the company and wearing many hats, and emails are flying back and forth. It would be quite easy to slip in a malicious PDF posing as a market study or financial report from a competitor. Without the proper people, processes and tools in place, this could easily turn into a company-wide compromise.

Remember, though, that hackers are running a business as well, so the more time they spend attempting to access your data, the more money they lose. It should be the end goal of any security team to make infiltrating a target so complicated and taxing that it is not worth the time investment. The price per account shrinks with every minute spent on the attack.

Small business owners need to be vigilant and aware of the possibility of attacks. Not being aware that a security breach has even happened is the weakest point for small business owners.

User awareness programs are an investment of employee time, but can be cheap in real dollars in the long term. Even offering monetary rewards for identifying phishing attacks can help promote awareness and limit security issues that affect your organization.

Time is money, but spending it on user awareness is a great way to extend your potentially limited security resources into more of a guerrilla force.

Rook Security, editor for SECOPS: Global provider of IT security solutions protecting against dynamic, emerging threats. Inc. 500 Company in 2014.