Regardless of the size of a business, geography, attacks happen. Especially in the context of small and medium businesses (SMB), their knowledge intensive nature and vast data repository makes them valuable targets for attacks. Additionally, the proliferation of mobile devices driven by the need for any time—any place access to company data and service is adding to the enormous challenge of keeping these companies secure with limited IT resources. Smaller businesses also find it difficult to keep up with software patches, leaving vulnerabilities undetected for long periods of time.
These realities are exploited by cybercriminals, who use the downturn to step up the pace. And it is happening at a time when businesses can ill afford downtime, decreased productivity, stolen data, lost sales and a damaged corporate reputation. According to a recent report from Zinnov Consulting on ‘Indian SMB ICT Adoption Insights’, India is home to around 50 million SMBs currently of which 10 million are technology-ready. Hence the need for securing small and medium businesses has become increasingly paramount.
Besides the real dangers that confront SMBs, there is an attitudinal shift required for SMBs to allay any misconceptions pertaining to security. Firstly, SMBs, by and large, tend to have this notion that due the small nature of their operations, they may not be targeted for cyberattacks. However, SMBs forget that their data and intellectual property is very much vulnerable to theft.
An unsecured database definitely attracts attention from the hacker community thus putting the sensitive intellectual property in danger. Secondly, most of the SMBs assume that security solutions are extremely expensive as they have smaller operations and lower price points. Lastly, with mobile phones and tablets coming in the play, many SMBs assume that the new devices are secure and allow access to server utilisation.
In this regard, one security solution cannot be considered as a silver bullet for all SMB security requirements. No two businesses are the same and what needs to be protected within each business differs greatly. For example, if a small business operates primarily online and houses customer profiles and data on the Web, the level of protection required will be greater than for a business with little online presence. Therefore it is necessary to adopt an interlocked approach of ‘People Process Technology’ by which SMBs can adopt the right best practices to evaluate their security strategy and choose a mix of the best suited security solutions.