“I don’t have to worry about cybercriminals; I am a small company. Why would they care about me?” I can’t count the number of times I have heard a version of that statement. I have found that many SMBs don’t see themselves as targets. I gather that in the digital hurricane that is today’s internet, SMB leaders imagine themselves as debris that is so small, no one will notice. However, as we have seen in the Verizon data breach report, cybercrime is on the rise across all industries and company sizes, including SMBs. Couple this with the expansion of new malware types and the growth of cheap automated hacking tools; cybercriminals have it easier now than ever to search for new targets of opportunity.
With this growing threat in mind, I believe there are several reasons SMBs have increased exposure to cybercrime. One reason is that many have a minimal understanding of their company’s risk exposure to current threats. Another reason is that many SMBs are constrained by resource availability, whether that is financial resources, trained security staff, or trusted partners. One final critical reason is that many feel spending scarce resources on security services could significantly impact their profitability. They face a decision to either pay for a security service to prevent something that may happen or use the needed funds to grow the business – typically growing the company wins. These negative drivers impair the ability of an SMB to respond to and survive a business-impacting cybercrime incident, which is why I am writing this book as a primer for SMB security managers. This primer will contain basic security practices that can be used by a security manager to remediate risk exposure to critical data and business operations without having to incur high costs.