IT Security Risks and their Cost for Small Businesses
Small businesses often believe that criminals won’t waste time and effort on a company of their size and that they don’t have enough to be worth stealing from. Meanwhile because of not caring about security they give cybercriminals a great opportunity for easy money. This carelessness can cost a huge amount of money or even lead to shut down of business. According to the 2014 Global Corporate IT Security Risks survey conducted by B2B International in conjunction with Kaspersky Lab, the worldwide average cost of a data breach for a small or medium sized business can reach $47,000. While in the Gulf region it is $52,000. This figure includes lost business opportunities, hiring external IT support to fix the problem and potentially even new equipment. The costs are not just financial: 57% of data loss events had a knock-on effect that damaged the operation of the business. The image and reputation of a company – something which absorbs so much time and effort when developing marketing strategies – can be ruined overnight. More than half of lost data events (56%) lead to a negative impact on a company’s reputation or perceived reliability. Small businesses can encounter a wide range of cyber threats: from general malware to targeted attacks using them as a weak link to reach large companies; and the number of the threats is large. For example, every day Kaspersky Lab’s Anti-Malware Research team processes 325,000 new malicious files. Globally 38% of user computers were subjected to at least one web threat over the year. In 2014 the company’s Global Research and Analysis Team has reported on seven advanced persistent cyber-attack campaigns, which accounted for more than 4400 corporate sector targets (2.4 times that of 2013) in at least 55 countries worldwide. The key to protecting small businesses is to appropriately prioritize security needs. A small company does not need to start by investing in things like the implementation of data-loss prevention (DLP), or an in-depth management console. It can focus on the security issues which are critical to the individual company or to the field it works in, and pick a security vendor that can scale up as their business grows. At the outset, a very small business needs the baseline protection supplied by anti-malware software and a firewall. Once these businesses become operational and start processing orders, they need data encryption technology to protect payment information or customer information, and this sort of protection is often mandated by law. If they begin hiring employees who work outside the office, then basic mobile security features will be appropriate. To secure themselves, small companies often choose between consumer software that doesn’t include features needed for business, or enterprise-level software which is too complicated and expensive. This makes them spend too much money and time on security that still doesn’t work the way they need. So, they should choose a solution more accurate like Kaspersky Small Office Security that offers specially-built management and financial transaction protection that is easy for an ordinary person to use, along with business-critical tools like file encryption and protection for file servers.