• Lack of security in SMBs? Only if you make it so.

    01 Jul 2010

    This new piece from Dark Reading on lack of security in SMBs hits some interesting points. I agree with the fact that many SMBs overlook security, at least until it’s too late. But I see things a bit differently than some of the things stated and quoted such as:

    • “SMB have historically not given security much thoughts”
    • With budgets so slim, organizing security in an SMB is difficult”


    SMBs make up a large portion of my business performing independent security assessments. If SMBs choose to address security – and many of them do – then they tend to find the budget to make it work. It’s like any other business priority. Granted there are millions of SMBs in the U.S. and I’m sure a majority of them don’t take security seriously. But there are many, many SMBs out there with leaders who do. It’s all a matter of choice. It’s the ability of SMB leaders to think long term.

    In this same article, Robert Richardson with CSI, hit the nail on the head when he said “Small businesses have the opportunity to be a lot more protected because they have an opportunity to be a lot more uniform in how they implement policy.”

    This is the thing that stands out to me the most. It’s indeed an opportunity to do it now when it’s easier and cheaper. Do security right up front when things are small and straightforward and the business can grow into the established infrastructure as it evolves. It’s an amazing thing but it really works and there’s a profound payoff for the SMBs that make it happen.

    Check out my Smart IT blog at Bizmore.com if you’re interested in further reading on information security in SMBs.