A solution for small businesses’ persistent IT security issues

Small businesses are unwilling to invest in security solutions – often because they don’t think there are any – designed specifically for their needs. But such solutions do exist.

Struggling startups and mature small companies rarely pay much attention to cybersecurity issues. According to the 2014 Global Corporate IT Security Risks survey conducted by B2B International together with Kaspersky Lab, small businesses are concerned more about their products and service strategy (41% of companies named it as a priority) and marketing strategy, which includes business development, building customer relationships and improving business image (40% named it as a priority for the company).


At the same time, development of IT strategy (including security) appears to be a lower strategic concern for small business than for the larger ones – only 19% of the former name IT strategy as the most important or second most priority for the company. Of course it’s vital to invest in core business processes, but it would be a costly mistake for small business to completely neglect security considerations.

There are a few reasons why small businesses don’t always give IT security the attention it deserves, aside from their focus on their primary products and/or services. First, they believe that criminals won’t waste time and effort on a small company and that small businesses don’t have anything worth stealing. Which is plain wrong. According to Verizon’s 2013 Data Breach Investigations Report more than 30 percent of data breaches occurred at companies with 100 or fewer employees. Due to this gap between perception and reality, very small business seldom pays much attention to IT security, inadvertently offering cybercriminals a great opportunity for easy money. Criminals, in turn, aren’t too scrupulous in selecting their targets. They know smaller entities work with the very same resources as larger ones: technologies, knowledge, sensitive data, finances, etc. Small businesses do banking online, processing financial information about themselves and their customers. And without a decent protection it doesn’t take much effort from hackers to damage smaller businesses.

Very small business also tends to underestimate the scale of IT threats. Perception of malware discovery rates among small businesses tends to be less realistic than in larger companies. The survey found that 74% of VSBs believe that 10,000 or fewer malware samples are discovered daily while the real figure is much higher at over 315,000 per day.





Underestimation costs. For start-ups even a single security incident could easily spell financial ruin. According to the fresh figures from the 2014 Global Corporate IT Security Risks survey the worldwide average cost of a data breach for a small or medium sized business can reach $375,000 USD. This figure includes lost business opportunities, hiring external IT support to fix the problem and potentially even new equipment. The median cost of professional services for SMBs due to a serious data loss event is $10,000 USD. For a very small business, the bill of this size may easily spell doom.

The costs are not just financial: 57% of data loss events had a knock-on effect that damaged the operation of the business in general. The image and reputation of a company – something which absorbs so much time and effort when developing marketing strategies – can be ruined overnight. More than half of lost data events (56%) lead to a negative impact on a company’s reputation or perceived reliability.

Still, smaller businesses prefer to place their priorities elsewhere; quite often because of perceived costs of security solutions. But in reality a small company does not need to start by investing in things like the implementation of data-loss prevention (DLP), or an in-depth management console – an enterprise-level things.

Small businesses can focus on the security issues which are critical to the individual company or to the field it works in, and pick a security vendor that can scale up as their business grows. At the outset, a very small business needs the baseline protection supplied by anti-malware software and a firewall. Once these businesses become operational and start processing orders, they need data encryption technology to protect payment information or customer information, and this sort of protection is often mandated by law. If they begin hiring employees who work outside the office, then basic mobile security features will be appropriate.

One key reason why small businesses may be hesitant to invest in IT security is because they feel there isn’t a security solution built with their needs in mind: the only choices available are consumer software that isn’t designed with business in mind, or enterprise-level software which is too complicated and apparently expensive.

But actually there is Kaspersky Small Office Security that had been specifically designed to fill this gap: it offers specially-built management and financial transaction protection that is made easy for an ordinary person to use, along with business-critical tools like file encryption and protection for file servers. And if criminals will attempt to take on a KSOS-protected company, thinking it’s an easy target, they are going to be surprised, big time.

The trial version of the latest Kaspersky Small Office Security edition is available here.