There are certain predictable truths that govern the way small to medium sized businesses (SMBs) approach IT security. These truths are born out of basic operational factors that should help us define the business parameters inside firms in this space. With these certainties (or commonalities at least) on board, we can start to reduce risk and look towards longer-term growth and profits.


So what are we talking about here?


SMBs are actually pretty consistent in terms of their requirements for security software. They want IT security software that a) delivers the right level of protection, b) does not impact negatively upon business performance and c) works effectively in the background.


SMBs typically take a ‘generalist’ rather than a ‘specialist’ approach to IT security, and to IT generally for that matter. Security responsibilities will often be handed to an employee with other administrative responsibilities too, and a complete rather than a heavily bespoke/customisable solution will be preferred.


This means that the SMB will spend a comparatively small number of hours in any given week analysing security risks — and so (as obvious as this may sound) logically the firm will need to choose a “comprehensive” solution that automatically updates and keeps track of current threats.


These facts are largely dictated by the “size” of the company i.e. small to medium sized. These same facts give rise to some basic home truths i.e. the SMB is safer to opt for a trusted brand where levels of protection are more “quantifiable and measurable” all round.


The SMB landscape is now starting to populate with companies who have realised the need to lock down their IT security and (in many cases) lay down a written policy for reasons which may even be related to compliance.


Covering risk factors in all four corners.


As firms embark upon more stringently protected future growth paths, an awareness of the full scope of business risk starts to become clear. SMBs then start to see that IT security risk translates directly to a) financial risk, b) reputational risk, c) market risk and even d) credit risk.


Suddenly the SMB starts to realise that application and data security should become a formal entry on the procurement side of the firm’s balance sheet. After this, the SMB starts to look at related areas such as disaster recovery planning and perhaps even content filtering for employees’ usage of the web.


This is the very simple thought process that all small businesses need to sit back and consider. Failure to address these issues leaves the door open to the risk of a security breach and its subsequent costs.


It is not a complex model to grasp. Ensure you follow business truths when they can be identified as easily as this.
