Let's begin with an obvious statement: small businesses differ from enterprises. And this isn't only because of the quantity of their employees or their turnover. It's because they are building their business and hence their IT and their security are often not fully established. Consider a small business owner who doesn't have Security Department. Moreover, nor does he does not have IT department (the majority of small businesses do not). The business simply does not need it and cannot afford it (rather like a SAP installation in a corner shop). All he has is his business - which, though small, is extremely important
to him. And that's the point where the threats which are quite unexpected appear. Beware! A salesman approaches: “The hackers are all around!!! Only our super-duper software/hardware/appliance could save your money!!!”
Well, a salesman isn't really that bad. He has his own business and needs to sell you a product to live. But he doesn't know your business as you do. No one knows, because every small business is unique. "Every business is unique, not only a small one," you may say. And I cannot disagree. But things we have for large (and even for some medium) companies are
- IT and Security departments
- Security standards
- Budgets for implementing both the security department and security standard.
Do small businesses have these? No. Do they have data that needs to be protected? Absolutely.
So what they have to do to protect their data? To balance. Yes, like acrobat. Since they have exclusive and comprehensive knowledge of their business, owners may decide which of their data needs to be protected - and the amoung of protection which that data needs. And, when you know all the sensitive data and know what it would cost you if you have them correspondingly lost, disclosed or falsified, you may begin to balance between losing money paying for security or not losing money for not paying security.
Fortunately, major software vendors make it easier and easier to protect your assets without investing too much. And
we will see examples in my next articles. But the point is that the owner must know what to protect and why it is important thing to protect. And only after he knows all the points to defense one should decide how to protect him from attack to preserve the balance.