Small Business and Cybersecurity


Small business owners often believe that their organizations are not susceptible to cyber attacks and data breaches. The main reason stems from a false belief that hackers and cybercriminals are only interested in large organizations with massive amounts of data or with access to a larger customer base. However, results from recent research suggest that small businesses tend to have a false sense of security. Statistics indicate that small organizations are just as likely to fall victim to attacks and that, during the last few years, small businesses targeting has risen sharply. Therefore, it is imperative that small organizations begin to improve and implement security policy and protocols.

Small businesses tend to have more difficulty protecting themselves from security threats than larger organizations. Generally, big businesses have larger budgets that provide the ability to hire specialists in network and cybersecurity. Additionally, larger businesses can invest more capital and protect data by purchasing high-end equipment that is generally beyond the reach of small organizations. Even with the massive amounts of capital invested in security and data breach protection, businesses the size of Target and Sony are victimized by hackers. If these businesses are unable to protect sensitive data, how can small businesses hope to protect themselves from similar attacks?

Even though small business owners do not have the same access to the same types of protection afforded to large organizations with large budgets, small businesses do have the ability to develop security protocols and establish programs that can improve overall security and limit the vulnerability to cyber attacks. The Federal Trade Commission (FTC), for example, developed a set of steps that can help businesses of any size improve security. These steps include improving security by limiting the amount of data collected. Furthermore, the FTC suggests that businesses control access to sensitive data, require passwords that are secure and implement two-factor authentication, protect data during transmission, segment the network, secure or limit remote access to networks, among others.

Businesses can take additional steps to improve security. For example, organizations can begin with training employees. Research results indicate that at least 48 percent of data breaches in small and medium enterprises (SMEs) are caused by employee mistakes. Therefore, by raising awareness and training employees on best-practices can greatly reduce security threats. Small businesses can also take simple steps such as installing anti-malware, antivirus, and antispyware software and ensure that the threat definitions are up to date. Furthermore, business owners can create organizational policies where employees are encouraged to maintain operating system updates updated.

SMEs can take steps to secure their networks. One simple and affordable way to significantly improve security is to invest in a firewall. Firewalls are not as expensive as in past decades and are perfect for small business implementation. For example, the Meraki MX64, which is available for purchase at Hummingbird Networks, is an integrated security appliance priced for small businesses. The device is plug and play and its configuration is simple and straightforward. Companies that manage to combine well-implemented security protocols, employee training, and firewalls can improve security significantly.

Organizations of all sizes are pressured by the government, customers, and the general public to keep data safe and treat information with dignity and respect. Furthermore, companies that experience data and security breaches not only gain a bad reputation but also lose revenues. It is indispensable for businesses of all size to protect their networks. With access to more robust firewalls and implementation of proactive security policies, all businesses can provide customers and the general public with a better management of data.