SMBs must be serious about information security

It seems that many small businesses have a “bigger fish to fry" mentality concerning information security. Small and midsize businesses (SMBs) tend to think they're safe from data security threats because hackers and digital criminals surely must have more to gain from targeting large firms, financial institutions and corporations. Unfortunately, they couldn't be more wrong. In fact, small and midsize businesses are quickly becoming hackers' favorite targets — precisely because SMBs believe they're not in any danger.

In a way, “small" business is a misnomer. SMBs account for half of GDP1 in the U.S., and nearly 60 percent of GDP in many European and Asian nations. And the customer information and financial data they possess and process is just as vital and valuable as it is in any large organization. The customer that has their data exposed isn't going to care how large the breached company was.

There is a combination here of wishful thinking and practical limitations. On the one hand, SMBs tell themselves a harmful breach won't likely happen to them. On the other, even if they do respect the danger, they don't have the resources to mount an adequate defense.

SMBs are facing the same cyber threats as large enterprises, but have a fraction of the budget to deal with them. At a small company, IT duties might fall to someone whose primary role is something entirely different; that person ends up handling the company's data security because, well, someone has to. Even when there is a dedicated IT staff, it can be just one or two people, charged with everything from fixing the faulty Wi-Fi to keeping all company software up to date to making strategic plans for the company's data foundation, to ensuring data security.

And with a massive to-do list, defending against data-stealing and unseen criminals on the other side of the world may not seem like a top priority. Not to mention the skill set required — large companies have a difficult enough time finding and retaining top-notch data security resources, let alone an SMB. The writing is on the wall: If they rely on wishful thinking or meager protection, SMBs simply will remain unsecure and prime targets.

The first step for every small business is to understand and accept the risk: Breaches are definitely possible — you might even think of them as inevitable — and preparation is absolutely necessary.

The next step is to assess your data security capability. Do you have the staff and budget to make security a priority? And can you keep track, in the midst of your ongoing work, of software patches and antivirus updates? New breeds of malware emerge every day. Is your security platform equipped to detect them?

It takes powerful, skilled and high-demand resources along with steady monitoring and maintenance to confront today's threats. For businesses who find it hard to carry the data security load on their own, an outside partner in IT services can be a critical resource. A Managed Security Services Provider (MSSP) can handle round-the-clock network monitoring and crucial patches and updates — precisely the kind of IT work that can easily fall through the cracks (even at large companies). With an MSSP on the job, small businesses don't need to become IT experts. A third party can leverage its expertise to find security solutions that fit a company's needs, allowing the owner and staff to focus on the duties and ambitions that make the business one worth protecting in the first place.

Investing in a partnership can be less expensive than doing it all in-house — and it's certainly less expensive than doing nothing and letting your data walk right out the door.