5 Ways Lax Security Makes Small Businesses Cyber-Morsels for Computer Criminals

Senior Vice President of Product Management at Trustwave
4 min read
Opinions expressed by Entrepreneur contributors are their own.

Most small businesses don’t have the budget, expertise, staff or time to manage security programs on their own. It’s a longstanding problem, as pointed out in a survey of small businesses conducted by the Ponemon Institute, which found that 55 percent of respondents experienced a data breach in 2013 and 53 percent of those experienced more than one breach in the same year.

Considering how quickly the threat landscape has evolved and the threat of breaches affecting all types of businesses from startups to financial giants in the last couple of years, many small businesses are still in dire straits.

It’s common for small and medium businesses to think they are too small to be the targets of a cyber attack, especially when the term “breach” is often associated with retail, health and financial companies. But, even in those cases, smaller businesses become victims in the exploit process. According to the annual 2015 Security Pressures Report published by Trustwave, many small to medium businesses feel secure in their current security stance, with 68 percent stating they do not feel at risk of a cyber attack or data compromise. This false sense of security is a major mistake that makes smaller companies targets for cybercriminals.

With this in mind, here are five mistakes to avoid that make it easy for attackers to exploit small businesses:

1. The wrong investments.

Pressure on IT pros to buy technologies is rising but security solutions for small businesses are only effective if used and updated properly. According to the 2015 Security Pressures Report, 57 percent of small businesses feel pressure to purchase feature-filled technologies, yet 37 percent said they lack the resources to manage them.

The 2014 Trustwave Security on the Shelf report found that organizations spent $115 per user on security software in 2014 but of that $33 worth of this investment was either underutilized or never used at all. Simply having a security appliance or solution is not enough. Without proper management, additional attack vectors created by a growing network could be a company’s downfall, as it loses visibility of traffic and activity within its systems.

Related: 4 Ways Your Small Business Can Better Prevent Cyber Crime

2. Pressure to push projects out early.

According to the pressures report, 77 percent of respondents felt rushed to push out IT projects that weren’t security ready. This is a big reason why vulnerabilities are commonplace in applications and other IT rollouts. The in-house IT team is so focused on completing projects on time that security becomes an afterthought, leaving them open to attack.

Companies need to build products with security in mind from their inception. As security continues to be a major concern for business and consumers alike, it has become a primary differentiator for any product. A secure product will be more coveted than a vulnerable product that was quick to market.

3. Protection efforts in the wrong place.

While many businesses focus their protection efforts on external threats, 48 percent of respondents considered internal threats more pressure-inducing than external threats. Small businesses can have a “family feeling,” but internal threats can still exist, no matter how much you trust one another. Vet and educate personnel to avoid both intended and inadvertent threats.

Related: What Startups Need to Do to Be Cyber Secure in 2015

4. Cloudy forecast.

The cloud holds many uncertainties for small businesses. The pressures report reveals that 43 percent of small businesses rated the cloud as the emerging technology that posed the greatest security risk to their organization.

In reality, the cloud is an efficient way to bolster operations for small and medium businesses, if launched correctly. Smaller businesses have to take their time in setting up a successful cloud deployment, with cloud-specific security measures that are distributed and localized. Pervasive encryption of data or third-party management also helps avoid possible issues.

5. Weak passwords.

Password education is crucial. Despite the fact that easy-to-crack passwords contributed to nearly one-third of all breaches Trustwave investigated in 2013, only 9 percent of security pros cited weak passwords as the insider activity they felt most pressure to fend off. IT and security pros need to instill the need for strong credentials and even two-factor authentication.

In short, having a security-first mentality can pay dividends to small business and ensure long-term success. Don’t assume being smaller exempts companies from being victims. Make security a priority and avoid the costly aftermath of a possible breach.

Related: How to Create a Super Strong Password (Infographic)

More from Entrepreneur
Our Franchise Advisors are here to help you throughout the entire process of building your franchise organization!
  1. Schedule a FREE one-on-one session with a Franchise Advisor
  2. Choose one of our programs that matches your needs, budget, and timeline
  3. Launch your new franchise organization
Use code MARKET2021 through 4/24/21 to save on 12 marketing books for entrepreneurs that are recommended by entrepreneurs:
  • Digital Marketing Handbook
  • No B.S. Guide to Direct Response Social Media Marketing
  • Ultimate Guide to Youtube for Business
  • And more
Make sure you’re covered for physical injuries or property damage that occur at work by
  • Providing us with basic information about your business
  • Verifying details about your business with one of our specialists
  • Speaking with an agent who is specifically suited to insure your business

Latest on Entrepreneur