SOURCE: LockPath, Inc.

June 11, 2015 00:00 ET

Why SMBs Are Taking Security More Seriously

OVERLAND PARK, KS--(Marketwired - June 11, 2015) - Would you and your small business like to keep $20,752 annually? Because according to the National Small Business Association, that's how much an average cyberattack can cost an organization. And that's not taking into account lost business, tarnished reputation and remediation efforts.

Depending on whose theories you subscribe to, anywhere from 44 to 76 percent of businesses suffered some kind of breach last year, and information security budgets increased by nearly 50 percent after a breach had occurred. What's really disconcerting is that this isn't a new phenomenon. According to Sophos, 87 percent of SMBs suffered a cyberattack in 2012, yet fewer than 50 percent of them saw a strong security policy as a priority. So why the ambivalence?

According to Symantec, the security initiatives of larger firms and organizations in response to breaches over the past few years have caused attackers to move further down the chain to small and midsized firms. Hackers have adopted a 'low and slow' strategy to avoid detection. Because attacks on non-complicated security systems can be automated by attackers, they will typically go after the low-hanging fruit.

Going from the Sophos numbers, about 42 percent of SMBs lack the budget to implement the systems needed to minimize damage following an attack. Those that can afford help are discovering a massive shortage of qualified information security professionals. The situation will only get worse over the next few years, according to Cisco. In addition, many small businesses might deem hiring a full-time InfoSec professional a nonessential budget item.

Stemming from the lack of knowledgeable information security employees, small and medium enterprises often suffer from a lack of employee security awareness programs. That leaves a larger window open for a breach. According to recent studies, 95 percent of breaches are due to human error, whether it be an employee clicking on a banner ad and exposing their workstation to malicious code or getting social-engineered into giving out protected information.

Even if your organization doesn't think cyberattacks are a big deal, you can bet the companies you do business with will. If your company does business in the cloud with any large enterprise, hackers see your infrastructure as an entry point to more valuable information.

"You are never too small," says Matt Anthony, an SVP at the Herjavec Group. "If you have a vulnerability and it gets exploited…It will bring a great deal of attention on you." Because no enterprise, large or small, is entirely impervious to cyberattacks, there are some things the little guys can do to help reduce the impact of a breach.

Have a plan for when a breach occurs. In motorcycle training courses, instructors will tell you that the mindset shouldn't be one of if you have an accident, but when. The same attitude should be taken to matters of information security. Be sure to have a clearly written and distributed disaster recovery plan with detailed information about who takes responsibility for what and which systems need to be addressed first to resume normal business. Business continuity management solutions, like LockPath's Keylight, allow organizations to maintain, analyze and test plans all in one place.

Be very selective about the information you store. "It's really important to know what data you are collecting, processing and storing and why," says Anthony. "They can't steal what you don't have." Hackers will go to almost any length to get information they consider valuable, so long as it doesn't eclipse the cost or risk of getting caught. By keeping any unnecessary information segmented and off business-critical systems, you can reduce the damage done by a breach significantly.

Seek professional help. No, not a therapist. Although information security is a stressful matter, consulting with a professional IT services firm instead of trying to handle things in-house is a smart move. Whether you decide to go with managed services or purchase hardware and software through an informed reseller, be sure to consider your level of risk to your vendors and clients as well as budgetary requirements before making a decision.

About LockPath
LockPath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company's flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.
