Surely with fewer staff and a smaller network, the challenges of cybersecurity are reduced? Johan Pieterse, Head of IT and Security at the Racing Post, looks at the challenges from the smaller business perspective.
It is natural to think that it is more difficult for smaller firms to implement security as the perception is that it’s a specialist area and it can cost a lot of money to get the best technology to give you protection.
Traditionally, security was only implemented if it was a prerequisite to doing business with big companies. However, things have changed and technology that was once only available in high-end devices is now a standard on our home routers.
If you have never been involved in security and start looking at what is out there, you will find massive amounts of data. What is right for your business? What is cost effective? What does this all mean? This can all be overwhelming for a subject which most people feel adds no value and is just an unnecessary cost.
Cyber-criminals are working together and even franchising their services to work against victims of all sizes, but the reality is, they don’t always look at big targets but rather the easy targets, which all-too-often are proving to be the smaller companies whose security setups are less mature, under-resourced and possibly not tried and tested.
For smaller business owners, security can often feel like a mammoth task, and for some, a variety of daunting challenges can actually make it seem like an impossible one.
Often for smaller companies the big challenge is surviving and growing the business with limited available budget, and security can be viewed as an inhibitor to that.
How do you assign the correct amount of money for security when funds are tight? The reality, however, is that for smaller companies fighting tooth and nail to be successful, it can be much more expensive not to address security because of the risk of:
• Damage to reputation
• Financial penalties
• Business interruption
Another significant hurdle to overcome is the issue of resource management. Even the biggest companies in the world, with their reputation, all of their finances and pulling power, can suffer from being under-resourced when it comes to skilled security workers. This is amplified for smaller companies whose security teams can be as small as a couple of members of staff.
Therefore, if you do not have the in-house expertise (which a lot of smaller companies don’t) then you have to either hire, outsource or educate, but that comes at a cost and additionally, it can be a real challenge to judge whether you are getting value for money and quantify what you need them to do.
Having spent the money to get the basics in, the security landscape and criminals are moving fast and companies need to stay ahead whilst being cost effective.
The fact is, security can be as cheap or expensive as you want it to be. It is about identifying risk and assessing and mitigating based on your risk appetite. As a leader in a small company, you might say ‘I don’t have time to do this’, but look to make it part of your business instead of seeing it as an additional thing to do. When designing a new product, or procuring a new service, make security part of the process. Just like you would evaluate suppliers against each other for value and requirements, this is just another consideration you need to make.
Luckily, there is a lot of information out there to assist you. Government initiatives like Cyber Essentials are a great, easy and cost effective way to make a start with protecting your business. There is also a website that provides free cybersecurity training for small businesses.
Security can be a scary subject for anyone, but particularly for smaller companies who have to deal with challenges that the big players don’t. However, you can educate yourself and make informed decisions, and the worst thing you can do is to ignore the problem and hope nothing goes wrong