A tour of any modern small & medium-sized business (SMB) highlights how IT solutions are critical to business success. From email and communication systems to productivity applications, these tools do everything from reporting on financial data to organizing supply chain logistics.
And yet despite this reliance, IT security is viewed as an onerous requirement.
The problem with this stance is that SMBs have become an easy, lucrative and increasing target for cyber attackers. From the 2017 Ponemon Institute Study, more than 61% of SMEs have been breached in the last 12 months.
Even though many SMBs are well aware that compromises are more of an issue of when than if, they are finding it difficult to get effective security measures in place.
It’s no easy feat securing the SMB
The common issue on why we are seeing SMB as an easy target is because there is a ‘lack of something’:
- Lack of resources: SMEs don’t want to invest in something that might necessitate updating the whole infrastructure, updating storage or updating the operating system.
- Lack of expertise: IT is becoming more and more complex. Organizations today need to use security solutions that extend to remote locations and cover roaming and mobile users.
- Lack of information and training: Most SMEs don’t have a large IT team.
- Lack of time: Smaller businesses are understandably focusing on being operational from day to day, so they can serve customers to keep the business going and pay the staff working.
Because of this, most SMBs lack the necessary defenses to protect, detect or react to attacks. In fact the 2017 Ponemon Study cites that only 14% of SMBs rate their security as ‘highly effective’.
But security solutions for an SMB should not be any less effective than it is for an enterprise client. The data is no less sensitive, the disruption no less serious! They need big business protection in terms of focus and effectiveness, but with SMB sensibilities in terms of implementation and use.
SMB friendly criteria to ensure better security
To help achieve this, we’ve worked with our SMB clients and put together some SMB-friendly criteria to remember when choosing cybersecurity solutions:
- Automated controls that take action before damage is done
All SMEs battle against lack of time and resources. They are therefore far better off running and monitoring solutions that offer automated controls in addition to threat identification and real time response.
In short, should something fall outside a set of established restrictions, your solution should automatically take action before the damage is done – not only when IT intervenes.
- Easy adoption
If security overwhelms and stifles productivity, users can’t do their job and the solution is already dead on arrival. Security should be behind the scenes, protecting the users and the environment until the moment the user is truly conflicting with security protocol.
- Limited administration
Most small and medium sized businesses do not have a sizeable IT team. Security solutions with ‘stickiness’ tend to be simple to implement and intuitive to manage.
For more, check out our infographic on all 8 SMB-friendly criteria that will help to better protect your organization.
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.
IS Decisions is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations.
Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.