- "SMB have historically not given security much thoughts"
- "With budgets so slim, organizing security in an SMB is difficult"
SMBs make up a large portion of my business performing independent security assessments. If SMBs choose to address security - and many of them do - then they tend to find the budget to make it work. It's like any other business priority. Granted there are millions of SMBs in the U.S. and I'm sure a majority of them don't take security seriously. But there are many, many SMBs out there with leaders who do. It's all a matter of choice. It's the ability of SMB leaders to think long term.
In this same article, Robert Richardson with CSI, hit the nail on the head when he said "Small businesses have the opportunity to be a lot more protected because they have an opportunity to be a lot more uniform in how they implement policy."
This is the thing that stands out to me the most. It's indeed an opportunity to do it now when it's easier and cheaper. Do security right up front when things are small and straightforward and the business can grow into the established infrastructure as it evolves. It's an amazing thing but it really works and there's a profound payoff for the SMBs that make it happen.
Check out my Smart IT blog at Bizmore.com if you're interested in further reading on information security in SMBs.