Teamwork at the office.

SMBs must be serious about information security

by ​David Levine

Summary

Learn seriousness of information security and the impact of cyber attacks for small businesses.

Read time: 3 minutes

It seems that many small businesses have a “bigger fish to fry" mentality concerning information security. Small and midsize businesses (SMBs) tend to think they're safe from data security threats because hackers and digital criminals surely must have more to gain from targeting large firms, financial institutions and corporations. Unfortunately, they couldn't be more wrong. In fact, small and midsize businesses are quickly becoming hackers' favorite targets — precisely because SMBs believe they're not in any danger.

Small and midsize businesses are quickly becoming hackers' favorite targets — precisely because SMBs believe they're not in any danger.

SMBs unprepared for security breaches

In a way, “small" business is a misnomer. SMBs account for half of GDP1 in the U.S., and nearly 60 percent of GDP in many European and Asian nations. And the customer information and financial data they possess and process is just as vital and valuable as it is in any large organization. The customer that has their data exposed isn't going to care how large the breached company was.

There is a combination here of wishful thinking and practical limitations. On the one hand, SMBs tell themselves a harmful breach won't likely happen to them. On the other, even if they do respect the danger, they don't have the resources to mount an adequate defense.

SMBs are facing the same cyber threats as large enterprises, but have a fraction of the budget to deal with them. At a small company, IT duties might fall to someone whose primary role is something entirely different; that person ends up handling the company's data security because, well, someone has to. Even when there is a dedicated IT staff, it can be just one or two people, charged with everything from fixing the faulty Wi-Fi to keeping all company software up to date to making strategic plans for the company's data foundation, to ensuring data security.

And with a massive to-do list, defending against data-stealing and unseen criminals on the other side of the world may not seem like a top priority. Not to mention the skill set required — large companies have a difficult enough time finding and retaining top-notch data security resources, let alone an SMB. The writing is on the wall: If they rely on wishful thinking or meager protection, SMBs simply will remain unsecure and prime targets.

Partners can help with data security

The first step for every small business is to understand and accept the risk: Breaches are definitely possible — you might even think of them as inevitable — and preparation is absolutely necessary.

The next step is to assess your data security capability. Do you have the staff and budget to make security a priority? And can you keep track, in the midst of your ongoing work, of software patches and antivirus updates? New breeds of malware emerge every day. Is your security platform equipped to detect them?

It takes powerful, skilled and high-demand resources along with steady monitoring and maintenance to confront today's threats. For businesses who find it hard to carry the data security load on their own, an outside partner in IT services can be a critical resource. A Managed Security Services Provider (MSSP) can handle round-the-clock network monitoring and crucial patches and updates — precisely the kind of IT work that can easily fall through the cracks (even at large companies). With an MSSP on the job, small businesses don't need to become IT experts. A third party can leverage its expertise to find security solutions that fit a company's needs, allowing the owner and staff to focus on the duties and ambitions that make the business one worth protecting in the first place.

Investing in a partnership can be less expensive than doing it all in-house — and it's certainly less expensive than doing nothing and letting your data walk right out the door.

SMBs are not immune to data security threats

Recommended for you

Ricoh named a Managed Print Services Leader
Ricoh named a Managed Print Services Leader

Ricoh named a Managed Print Services Leader

Keypoint Intelligence named Ricoh a Leader in Managed Print Services in its January 2024 Market Insight report. View the report and get the details.

Strategic guidance and support
Strategic guidance and support

Strategic guidance and support

Explore the ways Ricoh can support your data security and information governance practices through its devices, services, and professional consulting.

Layer 3: Application security
Layer 3: Application security

Layer 3: Application security

Application security best practices are essential to protect data and information. In this section of our Security Guide, we share what to do and how to do it.