While spending big bucks to improve a business security plan might sound like a safe idea, the better option might be reallocating those resources to designing a sound plan, according to Louise Bennett, chair of the Information Security Specialist Group at the Chartered Institute for IT.
Bennett said that many small businesses struggle with expensive, intricate systems, especially if they don't have an IT specialist who can navigate the company through any tricky jargon or hazardous situations. Some companies choose not to hire a specialist or consultant because they want to keep their sensitive data in-house.
With that said, many small companies are experiencing protection problems.
According to the annually published Information Security Breaches Survey, 87 percent of small companies were victims of a breach in the previous year.
The study showed that emerging technologies are also a hotbed for cyber hackers and thieves. Of large organizations responding to the survey, 14 percent admitted to a security breach via a social networking site, while nine percent had a breach from a smartphone or tablet.
The survey also showed that staff breaches, due to human error, caused some of the worst ruptures in security. Thirty-six percent of respondents reported a staff breach in the previous year.
"It's perfectly reasonable to sit down and ask yourself the obvious questions," Bennett said. "First, is my business going to be adversely affected if I lose my IT assets, or my internet goes down or whatever?"
"For some businesses it may not cause a problem, but you're very likely to be using the Internet to source goods and pay," Bennett added. "There's reliable research that shows that for businesses in which information is an important part of their business, if their IT goes down for more than a week then a significant number will go out of business."
The first step to protecting your business
Small businesses should evaluate the potentials risks and perils if particular data becomes lost, stolen or unreachable through IT troubles.
The Institute of Directors provides information to aid small businesses in risk management and security.
"I think every small business is capable of doing that kind of risk assessment, asking how much does that mean for me, and showing that you do understand that part of it well enough, and if you don't that you get help," Bennett said.