Small and medium-sized businesses (SMBs) are faced with a difficult decision when it comes to cybersecurity. Cyberattacks have continued to increase in number, yet many SMBs don't have policies and procedures in place to prevent or detect intrusions.

According to a study by the National Cyber Security Alliance and Symantec, 77% of small business owners believe their company is safe from online threats, but 83% have no formal cybersecurity plan in place. Another study by the World Economic Forum estimates that this complacent approach to cybersecurity could cost the global economy $3 trillion. With so much at stake, how can SMBs protect themselves?

What Cybersecurity Means for SMBs

The vast majority of small business owners are aware of the potential consequences of a cyberattack. Over 80% of small business owners are concerned about the results of a cyberattack, and 63% have measures in place to defend against an attack. Despite the growing number of cyber crime cases including attacks on multinational corporations and governments, this still leaves a large number of small business owners who prefer to take a "wait and see" approach to data security.

To make the matter even more urgent, SMBs are often the primary targets of cyberattacks. According to Brian Burch, vice president of Global Consumer and Small Business Segment Marketing at Symantec, "almost 40 percent of the over 1 billion the first three months of 2012 targeted companies with less than 500 employees." Eddie Schwartz, international vice president of ISACA and chair of ISACA's Cybersecurity Task Force, notes that "a lot of innovation and new ideas come from small companies," and that "their [intellectual property is] very attractive for economically-driven companies." Without even a basic cybersecurity plan in place, businesses are leaving themselves open to data theft and fraud.

While SMBs don't have the luxury of hiring full-time security personnel, small business owners do have resources that can help them develop strategies for securing their systems. They can at least become informed about ways to establish and implement a cybersecurity plan.

Taking Action Against Cyberattacks

ISACA, an international association of information security experts, released a set of guides detailing security implementations for SMBs. Titled Cybersecurity Guidance for Small and Medium-sized Enterprises and Implementing Cybersecurity Guidance for Small and Medium-sized Enterprises, these guides demonstrate some of the ways small businesses can protect themselves from cyberattacks.

ISACA's guides are based on COBIT 5, a framework that provides tools, techniques, and practices for securing IT throughout a business. While COBIT focuses on enterprise-level IT, the strategies and solutions it presents apply to businesses of any size. At the very least, it exposes business owners to the risks and consequences that their companies face when operating without a secure IT infrastructure.

In the meantime, small business owners can get a head start by taking inventory of the assets that need protection. Assets such as servers, workstations, and network devices are the most obvious, but less apparent are tablets, smartphones, and VoIP phones. Going further, SMBs also need protection for outside services such as cloud storage or hosting. For small business owners, understanding the technology at play will greatly contribute to the effectiveness of a cybersecurity plan. As Eddie Schwartz stated, "it's important to...understand the way businesses...leverage this technology across mobile, cloud, social media, and big data." Implementing a comprehensive security plan today can prevent an attack from disrupting your business tomorrow.

Give us a call at 619-473-5600 or contact us to discuss any concerns or questions you may have regarding the security of your network.