Despite what those who run small businesses say, their organizations really are low hanging fruit for hackers and scammers. In fact, the Aberdeen Group’s latest research report shows that the risk of a single data breach is significantly higher (63%) for SMBs ‒ companies with less than 1,000 employees ‒ than it is for larger organizations.
Why? Enterprise companies may have deeper pockets and more valuable information, but they also tend to invest a larger percentage of their budgets attempting to keep cybercriminals at bay. Some small business owners overlook that latter detail, believing their organization is relatively safe since cybercriminals have those “bigger fish to fry.”
What they fail to realize is the security climate has changed significantly. Automation makes it easy for cybercriminals to target a wide variety and greater number of victims, trolling and looking for the easiest way to penetrate perimeter defenses and email systems. Enterprise organizations, for the most part, are aware of those threats and most have implemented layered security protocols and end-user training to limit their exposure.
On the SMB side, those who stalled or refuse to implement tougher protections find themselves and their companies at greater risk today. Cybercriminals see them as easy targets since a small proportion of those businesses put up any type of formidable defense. Relatively few properly prepare their systems or their people for modern day attacks.
Do or Die Situation
There is no way to guarantee your clients 100% protection. However, many owners and management teams set themselves up for failure by ignoring the threats, assuming their businesses are simply too small to be real targets. Those people are sadly misinformed and put their clients’ information as well as their own personal investments at risk.
Companies that fail to tighten security controls and implement needed technological advancements are at risk, but in some cases, owners and stakeholders may feel the heat if they knowingly ignored industry standards and professional recommendations. If that negligence allows cybercriminals to gain access to credit card and personal information, the affected parties’ lawyers would likely target everyone involved.
That’s because some small businesses are structured to maximize income streams for the ownership team. An LLC designation only partially insulates stakeholders from liability. In the event of a breach or phishing attack, owners ‒ or at least the parties who should have known better yet still made poor decisions ‒ may still find themselves the target of lawsuits, fines, and other legal expenses.
Ignorance is no excuse. Anyone with a few spare minutes and an internet connection can research current threats and suggested solutions. Information security is a standard business expectation today ‒ no matter what size organization is collecting and storing the data.
Closing the Deal with SMBs
The Aberdeen Group’s report also noted a favorable trend for the channel: the SMB is moving away from in-house support and relying more on MSPs and MSSPs to increase data protection and tighten security controls. Today’s advanced threats require greater attention than many small businesses can and are willing to provide on their own.
It’s the perfect opening for highly skilled, experienced, and networked security specialists. The key is overcoming SMBs’ perceptions. Can you convince small business owners they truly are in the cross-hairs of cybercriminals and need to act quickly? Do they understand the potential corporate and personal liabilities from inaction?
Some business owners tend to forget the moral obligation of cybersecurity. Good companies take that responsibility serious and proactively implement systems and processes to protect client and employee data. That’s the ethical approach.
Cybersecurity is a commitment that can earn SMBs new customers and keep their existing clients happy. Can you convince prospects these things really do matter?
Brian Sherman, Content Director for IoTSSA and GetChanneled