The main cause of the problem lies in the attitude that SMBs have towards security, because they believe that cybercrime only affects large enterprises. Most SMBs install anti-spam and anti-virus software and believe that they are secure; however, they don’t have a clear understanding as to the extent of security threats.
Whilst spam and viruses are the basic threats and measures should be taken to prevent them from harming the network, there are plenty more threats out there that most SMBs are unaware of and therefore don’t know what to protect against.
Having controlled Internet access for employees is a start to ensure that malicious downloads and prolific web browsing doesn’t occur as this could lead to further threats such as phishing attempts which play on people’s fear and/or lack of knowledge.
Since SMBs consider themselves as abstained from cyber attacks this means that they install less security on their network making it easier for a cyber criminal to actually attack them. Whilst a large enterprise might have a higher revenue the effort that it would take to break into their network would be much greater due to their increased investment in security. Cybercriminals are just as likely to go for a smaller catch if it’s easier to get to it. The initial investment into security might be seen as an expense; however, SMBs need to realize that should their network be compromised, their business and clientele will be affected thus affecting their revenue and credibility, and costing them a lot more in the long run, that will take a much longer time to recuperate.
Ultimately security is a cost of doing business. Security is insurance. Security is an investment.
The first steps to safeguard a business lie in education and awareness for all employees and managers. By being aware of the threats that can hit a business it is easier to prevent a security breach because one would know what to look out for and what to avoid.
Security should be considered as a long-term plan that SMBs need to put in place before it’s too late.[audio:http://www.techtalk.gfi.com/wp-content/uploads/2009/06/gfi-securitysm-podcast-1.mp3]