Small Business Internet Vulnerability
Too often, when we think of data breaches, we think of high-profile incidents involving major corporations such as Target and Sony. Just because big corporations are the most reported on, however, doesn’t mean they’re at the most risk. In fact, there’s evidence to suggest that small- and medium-sized businesses are increasingly becoming the target of choice for hackers. According to research by Symantec, cyber attacks on small businesses rose 300% between 2011 and 2012. Current statistics have organizations under 2,500 employees accounting for more than 50% of all incidents.
Understanding the Problem
Why is internet vulnerability in small businesses such a widespread problem?
- Poor Understanding of Risk
Many smaller organizations think their lower profile means they are unlikely to be the victim of a hack. Some may think they don’t have any data worth stealing. Others put too much trust in out-of-the-box security products without realizing the importance of technology policy enforcement. Small businesses are increasingly targeted because these are all weaknesses hackers can exploit for easy gains.
- Insufficient or Inappropriate Technology
Technology — such as intrusion detection, log correlation and other hardware and software systems — plays a large role in preventing security breaches, but the solution has to be appropriate to the scope of the problem. Because most smaller organizations lack a dedicated chief information security officer (CISO), decisions about cyber security are often made in an ad hoc way, and technology often suffers as a result. In addition to not having the right tools available, what’s there may be updated infrequently, applied incorrectly or set up in a manner that has serious implications for employee productivity.
- Poor Employee Training and Lack of Enforceable Policies
A small business’s web security begins with the people who access sensitive data. Unintentional negligence — such as leaving workstations unattended or clicking on embedded links in spam emails — is a major contributor to a poor overall security posture. Any small business information security evaluation that focuses exclusively on technology is based on an insufficient understanding of actuals risks and threats.
Making an Investment in Security
One of the larger reasons why many small businesses lack an appropriate cyber security posture is that they think of the costs involved as an expense that can be trimmed rather than an investment that can deliver a strong return if made smartly. Web governance for small businesses is about more than managing risk — it’s about helping your team be more productive and your organization more profitable, while keeping your data safe.
If you’re concerned about internet security in your small business, Utah-based Secuvant can help. Our small business internet security services look at more than just the devices and infrastructure in place. When you contact our team for a small business web security evaluation, our expert consultants take the time to get to know your organization and industry before looking at technology. Treating security in the larger context of organizational culture allows us to make more pragmatic, effective recommendations.
Focusing on business rather than technology means you don’t get stuck with devices, policies or protocols that don’t align with your overall goals. To learn more about the benefits of proactive web governance for small businesses or to schedule a consultation, contact our office today.