A Breach Puts More Than Your SMB’s Reputation At Risk
A cybercrime attack against a small company can bring operations to a halt and even put the company out of business. Even a single incident that damages the firm’s reputation or compromises the integrity of its digital storefront can result in unrecoverable losses — from downtime and missing company assets, to litigation.
Security breaches can hurt any type of organization. But for Small and Medium Businesses (SMBs), the results can be especially devastating because there’s often not as much of a safety net in place. Smaller companies in most cases can’t afford the backup facilities or security expertise to quickly recover from an intrusion.
Because of this, the most important aspect of a security program should be prevention — keeping the bad guys out in the first place or minimizing the damage they can do once they’ve launched an attack.
As Forrester Research points out in its report, “Understand The Business Impact And Cost Of A Breach,” released in January 2015, security incidents can result in variety of costs to organizations:
“After a breach, there will be many costs associated with winning back customers and rebuilding customer loyalty, all of which can vary widely depending on your business and industry. Typically, banks and hospitals are affected the least here, since consumers are averse to the hassle of changing from one bank or hospital to another. Retailers, restaurants and hotels may see greater fluctuations as consumers can more easily take their business elsewhere. B2B companies can face brand costs in the form of delayed contract agreements and lost business as well. Most organizations have a good idea of how much it costs, on average, to acquire a new customer as well as average spending per customer and can thus extrapolate the total recovery costs and lost revenue.”
And as noted in an April 2015 article in CIO, SMBs can incur a number of costs because of a security breach. These include the business lost during an attack, because a breach often results in shutting down systems for some time — perhaps even days or weeks; litigation from those that suffered because of the attack, if the company did not take reasonable protective measures prior to the attack; the costs of bolstering security following the attack; and the damage to the company’s reputation, which could result in lost sales and difficultly in attracting new customers.
What can smaller businesses do to enhance their security posture? Here are some quick suggestions:
- Hire an experienced service provider. Many smaller companies lack the internal expertise and experience to build a comprehensive security program and maintain security functions on an ongoing basis. Lots of managed services are available to provide this type of expertise, and they cater to SMBs as well as larger companies. Among the services provided are consulting, network perimeter management and monitoring, and penetration testing and vulnerability assessments. SMBs can outsource the security function to services providers outright or handle some security processes in-house while using service providers for others.
- Develop a strong mobile security initiative. Mobile technology in the workplace is one of the fastest-growing trends in IT, with many workers using smartphones, tablets and other devices to support many of their day-to-day job functions. This is true for SMBs, which allow employees such as salespeople, technicians, engineers and consultants to use such devices when they’re on the road or working from home. This presents a number of potential security challenges, such as loss or theft of devices, or unauthorized access to networks. In addition to setting definitive polices about how devices should be used, SMBs can adopt products such as enterprise mobility management to better control their mobile environments and keep data and systems secure.
- Leverage data analytics and threat intelligence. Big data/analytics and threat intelligence services are not just for large enterprises; SMBs can use these capabilities without breaking the bank. By taking advantage of huge volumes of information available about security threats and vulnerabilities, small businesses can get a better handle on what dangers they need to look out for and how they can better prepare for and stop attacks. There are numerous analytics tools and intelligence services to choose from that can help SMBs use security information to their advantage.
If you need an extension to your IT staff to help secure your SMB, contact Insight at 1.800.INSIGHT. To learn more about emerging security solutions and how they can impact your organization, visit us online.