One of the under-discussed subplots of the last decade is how the emergence of the Internet has shifted the balance between medium-sized businesses and enterprises.
Once upon a time, each existed in its own world. Today, however, the lines blur: Small businesses use the Internet to go after customers half a world away or dive into specialized markets in a manner formerly restricted to the big players.
There still are lines between the two, however. The gap is clearest in security. Big businesses have more expertise and more money, attract more scrutiny from both regulators and hackers, and have a greater ability to keep designated employees educated on security matters.
SMBs must recognize that hackers gravitate toward easy targets, and SMBs clearly are easy targets. For instance, Visa says that more than 80 percent of all credit card hacks were through companies that performed fewer than 20,000 transactions per year. The reality is that big companies offer great paydays for crooks, but it is the ease with which smaller businesses can be attacked that is driving crooks.
Small businesses also are more susceptible to generic attacks -- such as drive-by downloads -- since their systems and machines are not as well protected. eWeek Mid Market reports on a Computer Technology Industry Association survey, which says 26 percent of PCs at SMBs were affected by spyware within the past year. The story runs through some figures. Bottom line: The costs -- compiled from productivity lost because machines are working inefficiently, downtime while they are being repaired, and labor costs to fix them -- add up fast.
The difference between large and small company security is broached on a subtle and practical level in this post at A Dime a Dozen Small Business, Tech and Talk. While big businesses can make a decision on whether to let outsiders have control of their network by outsourcing firewall maintenance, SMBs simply can't afford to go it alone and just about have to look at outsourcing alternatives.
Processor provides 10 tips -- split, for some reason, between a main story and a sidebar -- on what SMBs can do to protect themselves. It's a good list. The writer provides a bit more information on the first five ideas: revamping patch management strategies, creating security awareness training, focusing on intrusion protection, employing a greater level of policy management, and communicating with data recovery vendors.
The second five ideas are to task a specific person with security, keep up with how each department handles data, stay abreast of the security environment by designating a specific time for study, use hosted e-mail, and research equipment disposal companies.