November 7th 2013

In the world of information protection, enterprises have long been considered the targets for many cybercriminals who are intent on acquiring as much valuable data as possible in one fell swoop. However, today's complex IT landscape has introduce new opportunities for malicious outsiders, as many small companies are either ill-prepared for a breach or are overconfident in their ability to safeguard mission-critical resources.

Small business leaders need to understand that failing to keep sensitive data safe will not only impact their ability to retain customers, but will also introduce significant repercussions for failing to meet compliance requirements. Unfortunately, these cries often go unheard. This was highlighted in a recent McAfee study of more than 1,000 small and medium-sized businesses (SMBs), which found that 66 percent of respondents believe they have taken enough precaution to stay safe from hackers, largely because those organizations have not yet been compromised by a breach.

Interestingly, 80 percent of SMBs said they have not implemented data protection, while another 14 percent have not embraced any cybersecurity practices. This indicates that there is a major gap between perception and reality in the SMB security landscape.

"A business that doesn't have any security measures in place is putting their data and customers' trust in jeopardy," said Bill Rielly, senior vice president of small & medium business at McAfee. "As enterprises have increased their security defenses, hackers have started to target their attacks downstream to SMBs."

Small data breaches often go unnoticed in the news because the events are not devastating enough to sound the alarm. However, these instances can have major long-term consequences on SMBs that do not implement better practices, which should encourage business leaders to augment their strategies.

Raising the SMB security bar

While there are many factors contributing to this false sense of security among SMBs, one of the main reasons is that a large number of business leaders are not even sure when their companies are hacked. This suggests that executives should be aware of key indications that may hint that a breach has occurred within their infrastructure.

A Symantec report highlighted how cyberespionage attacks, which are incidents that are meant to target and steal intellectual property, are becoming increasingly prevalent, especially among smaller organizations. In many cases, cybercriminals will use SMBs for their "watering hole" tactics, which allow malicious outsider to leach onto larger firms making contact with the hacked smaller company.

This means that business leaders need to keep an eye out for anomalous behavior that may indicate that a particular user or application has been compromised. As consumerization trends continue to impact corporate operations, executives should be sure they have comprehensive endpoint protection tools in place that monitor and detect any abnormal activity deriving from smartphones, tablets and laptops. The need for these solutions has increased dramatically during the past several years, especially as remote working and other trends continue to accelerate.

Companies should be concerned if they find new applications have been installed without permission, as this could indicate that a hacker or cybercriminal has gained access to the network and has taken steps to launch trojans and other attacks. Business leaders should also be worried if passwords and usernames have been changed. While these are simple examples of worrisome activity, being aware of these incidents can raise awareness in smaller companies that have been previously ignorant to outsider actions.

In the coming years, businesses of all sizes, especially smaller ones, need to be proactive and launch data security initiatives that are effective, as failing to protect sensitive information will introduce substantial problems that could have potentially been avoided.