There’s a festering problem growing beneath the surface of small businesses everywhere, and it’s an issue that most SMBs are refusing to address. As large-scale companies invest big money in information security teams to protect themselves from data breaches and bad actors, their small business brethren simply refuse to invest in security at all.
“People only spend money on things they can detect.”
Gary Chan is an information security management consultant and president of Alfizo, a company that is helping SMBs and large-scale enterprises use IT as an enabler while meeting compliance, security and privacy obligations. On this episode of IT Visionaries, Gary dives into some of the biggest obstacles facing SMBs from a security perspective and why small businesses leave themselves vulnerable to cyber attacks. Plus he explains why regardless of how secure your network may be, the weakest link remains your staff.
Main Takeaways
- Walk in Through the Front Door: SMBs are leaving themselves vulnerable to security threats because they don’t believe they need to invest in the basic tools and services to protect themselves. SMBs are attacked at a far higher rate than large-scale organization because they often leave themselves open to attackers
- Basic Tips and Tricks: For SMBs that don’t want to invest high dollar amounts into a security tech stack, it’s still wise to invest in simple things that fit what you need, such as phishing training for your staff, which can help detect and report malicious emails, multi-function authentication, and password vaults.
For a more in-depth look at this episode, check out the article below.
Article
There’s a festering problem growing beneath the surface of small businesses everywhere, and it’s an issue that most SMBs are refusing to address. As large-scale companies invest big money in information security teams to protect themselves from data breaches and bad actors, their small business brethren simply refuse to invest in security at all.
“People only spend money on things they can detect.”
Gary Chan is an information security management consultant and president of Alfizo, a company that is helping SMBs and large-scale enterprises use IT as an enabler while meeting compliance, security and privacy obligations. On this episode of IT Visionaries, Gary dives into some of the biggest obstacles facing SMBs from a security perspective and why small businesses leave themselves vulnerable to cyber attacks. Plus he explains why regardless of how secure your network may be, the weakest link remains your staff.
There are two big trends facing the SMB community today, according to Chan. One is negligence, meaning users are simply looking the other way when it comes to protecting the business. The second is overindulgence. Overindulgence occurs when a company has experienced some form of a cyber attack, and overreacts.
But getting SMBs to do even some of the basics, such as having a password vault or multi-factor authentication, remains a big obstacle, which is surprising when you consider the rate that small businesses are attacked.
“Small businesses definitely get attacked more than big businesses,” Chan said. “If you’re afraid of being attacked, you’re definitely being attacked more.”
A couple of reasons SMBs are more targeted than large businesses can often be boiled down to a lack of urgency when it comes to real problems they are facing.
“If your door is unlocked, I’m going to come steal from you,” Chan said. “Another element, just from a statistics perspective, is that there are a lot more small businesses than big businesses. When [bad actors] are attacking small businesses, they tend to be opportunistic. You don’t have to run faster than the bear. You just have to run faster than everyone else around you.”
Negligence at the SMB level is not new, especially when those businesses have to decide where to spend their money. But Chan stated that the biggest reason that most businesses don’t follow through with any type of security is because they simply don’t want to.
So what advice would Chan give to those SMBs that are looking to level up their security business?
“Phishing training is one of the cheapest things you can do and it has good results,” he said. “What I found to be one of the most effective tools that you can have is DNS, they’re getting better and better every day at detecting [malicious intent].”
To hear more from Chan’s conversation and how SMBs can step up their security, check out the full episode of IT Visionaries!
—
To hear the entire discussion, tune into IT Visionaries here.