10 facts every small business leader must act upon

Jul 25, 2016

Business Continuity, Cyberattacks, Cybercrime

"No business is too small to evade a cyber attack," according to Ponemon.

There are a lot of myths circulating, many of them about cyber security and small businesses. Too often I hear “we are too small to get attacked” or “we don’t have anything they want.” My favorite is “we cannot afford to dedicate resources to cyber security.” A recent Ponemon study revealed 10 facts that dispel these myths and many others.

1. Web servers and social engineering are your biggest threats.

Web-based (49 percent) and social engineering (43 percent) attacks account for over 80 percent of those experienced by small businesses. SQL injection, general malware, and compromised/stolen devices round out the top five.

2. Employees and contractors are the problem.

Negligence by employees and contractors accounted for 48 percent of data breaches, and third-party mistakes accounted for an additional 41 percent. On average, each breach resulted in the loss of more than 5,000 individual records. To further complicate matters, the small businesses surveyed were unable to determine the root cause.

3. Customer information and intellectual property are high value targets.

Providing a service is not in itself an indicator of value; after all, any person or company can provide a service, just as any tech manufacturer can make a computer. How many of them, though, provide the perceived value of Apple? Why and how you provide your service represent your intellectual property. According to Ponemon, 49 percent of SMBs worry about protecting their intellectual property. As important as that may seem, preventing the loss of client information is an even higher priority: 66 percent of those surveyed said protecting customer information was more important.

4. Got a strong password?

Proper password use and management could significantly mitigate potential threats. Yet 59 percent of small businesses lack awareness of employee password complexity practices. Implementing password complexity requirements is something you must start enforcing now!

5. Policy enforcement is not an option.

Sixty-five percent of those surveyed don’t enforce their password policies. A policy absent enforcement is nothing more than a suggestion!
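Facts 4 and 5 come down to the same thing: a written password rule only counts when a system actually refuses passwords that break it. The following is an added example (not from the original article or the Ponemon study) of the check an application or identity service would run at password-change time. It enforces a minimum length, character-class mix, a denylist of common passwords, no username inside the password, and no reuse of previous passwords. The threshold values, the denylist entries, the salt and the `tjtrent` username are constructed for illustration and are not taken from the article.

```python
import hashlib
import re
from typing import Iterable, List

# Policy parameters (assumed values for this example, not from the article).
MIN_LENGTH = 12
MIN_CHARACTER_CLASSES = 3

# Constructed denylist. A real deployment would load a breached-password
# corpus; these entries only illustrate the check.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "summer2016"}

# Regexes for the four character classes counted by the complexity rule.
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_hash(password: str, salt: bytes) -> str:
    """Slow, salted hash used only for the password-history comparison.

    PBKDF2 is used here because it is in the standard library; the same
    per-user salt must be reused so that old and new passwords compare equal.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000).hex()


def check_password_policy(password: str,
                          username: str = "",
                          history_hashes: Iterable[str] = (),
                          salt: bytes = b"") -> List[str]:
    """Return every policy violation found; an empty list means 'accepted'.

    Returning all violations at once lets the user fix the password in one
    attempt instead of discovering the rules one rejection at a time.
    """
    violations = []

    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")

    classes_present = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, password))
    if classes_present < MIN_CHARACTER_CLASSES:
        violations.append(f"uses fewer than {MIN_CHARACTER_CLASSES} of 4 character classes")

    if password.lower() in COMMON_PASSWORDS:
        violations.append("appears in the common-password denylist")

    if username and username.lower() in password.lower():
        violations.append("contains the username")

    # Reuse check: compare against stored hashes of the user's previous passwords.
    if history_hashes and password_hash(password, salt) in set(history_hashes):
        violations.append("reuses a previous password")

    return violations


def enforce_password_change(username: str, new_password: str,
                            history_hashes: List[str], salt: bytes) -> bool:
    """Apply the policy; on success record the new hash in the history and return True."""
    if check_password_policy(new_password, username, history_hashes, salt):
        return False
    history_hashes.append(password_hash(new_password, salt))
    return True


if __name__ == "__main__":
    # Constructed walk-through: a per-user salt and an empty history.
    demo_salt = b"constructed-per-user-salt"
    history: List[str] = []
    print(check_password_policy("password"))
    print(enforce_password_change("tjtrent", "Correct-Horse-Battery-9", history, demo_salt))
    # Second attempt with the same password is refused as reuse.
    print(enforce_password_change("tjtrent", "Correct-Horse-Battery-9", history, demo_salt))
```

The point of `enforce_password_change` returning a boolean rather than logging a warning is the enforcement itself: the caller cannot store a password that the policy rejected. In practice this logic lives in the directory service or identity provider (for example as a password filter or a pre-commit rule) so that every password path, not just one web form, is covered.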

6. Attacks are a cost of doing business.

Attackers can and will defeat many security systems. That is a fact, and once we internalize it and come to grips with it, we can develop an effective plan for prevention, detection, and eradication.

7. Managed service providers must be managed.

Thirty-four percent of security operations are managed by third-party providers. This does not mean you can forget about these tasks. In fact, due care and due diligence require you to check the checker.

8. Senior leaders must champion priorities.

Thirty-five percent of those surveyed reported no one championed priorities in their organization.

9. At a minimum client firewalls and anti-malware solutions are a must.

If you can’t do anything else, implement client firewalls and anti-malware.

10. Use biometrics to secure mobile devices.

Passwords can become unmanageable over time. There are too many passwords for too many sites, and people have trouble remembering them. Then they start reusing old passwords across multiple sites and devices, which creates more security vulnerabilities. Biometrics offer a potentially easier (for the small business) way to protect mobile devices.

Still think you cannot afford to implement or upgrade your cyber strategy? If so, ask yourself this question: Can you afford to lose $2 million because of an incident? That was the average cost to small businesses that experienced a cyber incident, according to the Ponemon study.


TJ Trent is an expert in organizational compliance and governance for organizations in the cyber universe. His focus is on people, processes, and systems, which provides the foundation for understanding the true place of technology in the cyber world.

TJ works fiercely and passionately to prevent, detect, and eradicate cyber threats. During his 13-year career he has witnessed the information technology field burgeon into a powerhouse industry intertwined with the fabric of our lives. As the lines have blurred between technology and our lives, cyber security and cyber awareness are at the forefront of media attention. For the last two years we have been inundated with breach after breach, from healthcare and banking violations to our most sensitive and private photographs. It seems like nothing is safe anymore.

A high achiever dedicated to learning and continual improvement, TJ has risen to the elite levels of success in his career. With over nine years of leadership experience, TJ has helped many organizations and individuals reach milestones within their careers. As a result, he is also uniquely suited to help you turbocharge your career within the information technology field.

TJ's credentials include a Bachelor of Science in Information Systems Security, Certified Information Systems Security Professional, GIAC Security Essentials (SANS 401), GIAC Certified Enterprise Defender (SANS 501), GIAC Certified Incident Handler (SANS 504), GIAC Certified Intrusion Analyst (SANS 503), GIAC Certified Forensic Examiner (SANS 408), GIAC Certified Critical Controls (SANS 566), and GIAC Certified Network Systems Auditor (AUD 507). TJ will complete his Master of Business Administration in Technology Management in February 2016.

The opinions expressed in this blog are those of TJ Trent and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.