April 16, 2015

Finding the Risk Factor in IT Security for Small Business

Enterprises are the ideal targets for hackers. That's common wisdom, backed up by story after story about big banks and retailers getting breached. It makes sense: These organizations hold massive amounts of customer data in trust — everything from credit card numbers to birth dates and e-mail addresses. As a result, successful attacks often mean big paydays for malicious actors. But IT security for small business is just as essential. Why? Because as big companies lock up their networks and endpoints while stamping out zero-day attacks and other malware infections, cybercriminals are looking for other ways in, and they are looking to those small businesses that engage with large enterprises. Not to mention targeting those businesses outright.

Where's the Risk?

According to a recent article in Apparel, the biggest threat to companies worldwide is a cyberattack. Reporting on data from a Business Continuity Institute (BCI) study, the piece found 82 percent of business continuity managers "fear the possibility of a cyberattack," one point ahead of unplanned IT outages. Small businesses had the same fear but for better reasons: Only half are applying international standards for business continuity management. This makes them easy targets for hackers, who discover through only minimal reconnaissance that companies don't have the necessary protection in place to keep systems running if a widespread attack occurs.

The result? The Globe and Mail says Canadian small businesses — many of which focus on achieving only the bare minimum of IT security and compliance standards to stay in business — are increasingly subject to threats such as ransomware and e-mail scams. In the case of ransomware takeovers, hackers are looking for quick money as opposed to big paydays, with many charging between $800 and $1,500 to unlock small business computer systems before moving on to their next targets.

E-mail scams, meanwhile — which typically consist of attachment-based malware that's used to infect and then scan company e-mail systems, providing a platform for fraudsters to send seemingly legitimate wire transfers — could easily cripple a small business. This is a more sophisticated form of attack than many small business owners anticipate; as noted by Kevvie Fowler, security and data expert for KPMG Canada, "A lot of times people think you're going to get a badly worded e-mail from a foreign country, and that's not the way it is. It's not 2003 anymore."

On Your Own

The Globe also notes that, in many cases, IT security for small business rests with companies alone, since law enforcement agencies are often unequipped to deal with online attacks, and any resources they do possess are used to combat larger threats. This means smaller organizations — which typically spend 3 percent to 7 percent of their budgets on IT security, as compared to 15 percent in an enterprise environment — are on their own when it comes to dealing with cyberthreats.

Here's the new reality: Small businesses are attractive targets for hackers because they're underdefended, are willing to pay, have little in the way of legal recourse, and can offer a route into larger enterprises, an added bonus. So what can smaller companies do to help secure their interests? It starts with recognizing that meeting the minimum standard isn't good enough. By spending just slightly more each year and implementing even a few more security controls than average, small businesses can often persuade hackers to look elsewhere; after all, they're looking for the quickest, easiest attack vectors possible.

Small companies can also benefit from the rise of cloud computing, which has in many respects democratized the security landscape. It's now possible, for example, to tap enterprise-grade, cloud-based security tools that allow businesses to protect web, mobile and third-party apps without breaking the bank. Finally, it's imperative to create a culture of security at the basic business level; rather than being an afterthought, network defense must be a priority for all employees and executives.

IT security for small business is quickly becoming a big deal: Get protected, or risk getting targeted.


Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.
