It’s an inconvenient and unfortunate truth. It is (and always has been) typically the case that companies at the larger end of the SMB market (i.e. 51-100 employees) tend to exhibit the most IT security awareness.
So when it comes to SMB security awareness size really does matter. But, as most us know, it really should not.
The common perception among many fledgling businesses is that paying for IT security is an unnecessary expense. If controls are put in place at any level then they are often administered without any third party support or consultancy — and this is fine, as long as certain caveats, policies and mechanisms are put in place to ensure its effectiveness.
The challenge here is to think big.
Small to medium sized businesses from two person partnerships up to newly formed firms still numbering less than ten employees need to treat their IT security protection as if they were a multinational.
Just as every Dollar, Pound, Yen and Euro of profit is treated with ultimate respect in ANY size of business, the same universally level playing field should also govern the security controls that ANY firm uses to protect itself from malware, phishing, spam and social engineering in all its forms.
The problem is that hackers don’t discriminate when it comes to electronic data and the opportunity to make money from implanting malware onto users’ machines. It’s a numbers game and if a successful malware attack starts at a small business level then it can still “perform well” for the perpetrators by spreading to all a user’s contacts and their contact’s contacts exponentially.
Think about it – in the time it takes for a hacker to get through the defense shields of a major international banking corporation, they could be dropping infected code into a thousand or more small businesses operating without any anti-virus protection technologies.
Malware is a numbers game
Without wanting to deliberately coin a phrase here, there’s an awfully succinct way of summing this subject up – “distributing malware is a numbers game, just ensure that you don’t become one of the numbers.”
You can download the full AVG SMB Threat Landscape Report at the AVG Resource center.