Information Security: A Strategy for Small Business

The Internet’s importance to businesses of all sizes and across all industries is indisputable.  Beyond optimizing efficiency internally, the Internet also provides innumerable opportunities for business development in new and larger markets.  Whether a business is utilizing the most advanced cloud solutions or simply using email and maintaining a website, security procedures and awareness should be a part of the plan.  Theft of crucial data has become the most commonly reported fraud in the United States and can be devastating financially. Information security responsibility is incumbent upon every business that utilizes the Internet.  A culture of security not only optimizes business efficiency and consumer confidence, but can save significant money over time.

While many small and medium-sized businesses acknowledge the threat posed by constantly evolving cyber attacks, many mistakenly assume that attackers exclusively target large businesses.  Statistics compiled by Small Business Trends in 2016 tell a different story:

  • 43% of cyber attacks in 2016 targeted small businesses
  • 60% of small companies go out of business within six months of a cyber attack
  • 48% of data security breaches impacting small businesses were caused by acts of malicious intent.  Human error or system/software failure accounts for the rest.
  • 8% of small businesses identify employee record protection as a primary security concern.  Aside from credit card data, personally identifiable information (PII) is the primary target of all attackers.  Bulk data collected over time is routinely sold on the dark web for millions of dollars.
  • 50% of small businesses reported a data breach involving customer or employee information between May 2015 and May 2016
    • With web-based attacks and phishing campaigns leading the way, these companies spent an average of $879,582 because of damage or theft of assets and reported an average cost of $955,429 due to disruption of normal operations

Gartner recommends regular penetration testing as the “only way to stay one step ahead of hackers”.  However, with penetration testing being heavily manual and requiring a significant level of experience and expertise, regular testing can be a cost burden to most small and medium-sized businesses.  A balance between in-depth exploitative penetration testing and frequent, low-cost vulnerability assessments is essential.  Many small and medium-sized businesses are unaware that solutions exist that fit their specific environments.  Regular testing, as mentioned above, can provide significant savings over time while also providing peace of mind to the business owner.  Secure Ideas’ low-cost Scout services are designed to not only provide that peace of mind, but also help small businesses meet various compliance requirements.

When assessing vendors for security solutions to your small business needs, consider the following:

  • Does the vendor have a defined process, checklist or methodology?
  • Does the vendor check for and remove false positives?  How?
  • What sorts of testing services are provided?  Does the vendor provide testing solutions for all major attack vectors?
  • What tools are used?
  • What is the turnaround time?
  • Are vulnerabilities simply identified or are practical and real-world solutions provided?

It seems today that attacks are sensationalized.  Many attacks have their own logos!  Responses to these threats range from sheer panic to patent denial.  Small business owners need a strategy and a partner that helps them make sense of the mania.  Identifying cost-effective solutions to the most basic concerns and threats to organizations with an Internet presence is the best place to start.  Make security a part of your business strategy. Realize that strong security measures optimize the rest of your IT environment and provide consumer confidence in your products.  By reducing risk in the present, your organization may also save significant money over time.

*** This is a Security Bloggers Network syndicated blog from Professionally Evil Insights authored by Andrew Cavin. Read the original post at: