The 5 reasons why security should matter to your small and medium business!

It doesn’t matter what day of the week or week in the year there is always something about cyber security in the news. With the US Congress discussing a new cyber security bill it is relatively hard to miss.

For a small and medium business and not for profit organisation all this talk may seem irrelevant and not important to them. This is definitely a false sense of security. Here are five reasons that SME’s should be concerned about cyber security and protection of their business information.

1. For Cyber criminals, Smaller organisations are better targets than larger ones.

This one is relatively easy to prove. Symantec keeps record of this and in the last 18 months organisations under 500 staff have the highest rate of compromise @ 40%. Most of the reasons are mainly due to their size. Small organisations cannot afford the technology, or staff to focus just on business security. They also have minimal resources to maintain a secure business environment.

SME are not only targeted by eternal groups, individuals and automated attacks they are also attacked by disgruntled and ex employees.

2. A security breach of a small business can potentially be business ending.

The loss of a business critical information, intellectual property, credit card information or client and staff information can be crippling. If this loss of information is combined with no disaster recovery, business continuity and backup components then the information is not only in the wrong hands but you may never get it back again.

3. Controlling access to the information internally is also a main concern for SME organisations.

Most small organisations are a trusting lot and consider all employees as trustworthy. All staff logging on as the same user with the same password is a very dangerous situation for SME’s. If the SME does not audit system and data access then when something does go missing there is no way of defining the parameters of the loss. This is further compounded when all users are using the same credentials.

This includes access to databases, system access from administrators and keeping track of the data going in and out of the organisation.

4. Your reputation is critical to your business.

Have you ever been in the position where you do not want to do business with a company because of what you have heard, either professionally or in passing. Now turn it around to YOUR reputation. If it is tarnished by a security breach, will it affect how your clients do business with you.

5. Business to business situations will arise where contracted companies do not want to do business with you because your system endangers their business information.

This can have devastating affects on small organisations in regards to going to the next level of business. A joint venture type of business environment could fall apart relatively quickly if one of the partners are compromised.

Business security and your business reputation are critical to how you do business. If you do not invest in your business security infrastructure then you could be in trouble as the level of protection that you need will not be in place when you need it. The security investment that you make is not only focused on protection, it should also include the management, resilience and compliance requirements of the business

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.