Solutions Snapshot - August 2010

Question: What threats should small and mid-sized businesses be considering in 2010 and beyond?

Lynn Mattice, Chairman, Executive Board of Advisors, Security Executive Council; former VP & CSO, Boston Scientific: Small and medium sized business (SMB) owners need to step back and take a real-world assessment of the risks they face in their business.

All too often, SMB owners believe they are not targeted or that they don't face the same risks as big business. Understanding that the environment has shifted dramatically, and that the SMB has become the target of choice - intellectual property theft is critical, particularly since the majority of innovation in this country occurs in the SMB environment and big business has become a harder target to penetrate.

SMB owners have increasingly engaged online and offshore providers for a broad range of support, but generally have done little or no due diligence on these firms, which frequently steal intellectual property and customer data.

Organized retail crime has also shifted its focus to SMBs, as major retailers became better at identifying and neutralizing organized retail crime.

Brett Kingstone, President/CEO, Max King Realty; Author, The Real War Against America: I think the threats to SMBs are internal, external and governmental.

Internal: Make sure you properly review the background of current and future employees for criminal records and substance abuse. You can't lock someone out if he has the key to the front door.

External: SMBs need to realize they are the targets of Chinese competitors who would do anything to steal and counterfeit their technology.

Governmental: Mark Twain said, "No man's life, liberty or property is safe while Congress is in session." Our legislature has allowed institutions like Fannie Mae and Freddie Mac to be backed by taxpayer money; they let Wall Street run rampant. And then when they come in with a solution, it's to use more taxpayer money to bail them out.

If we bankrupt our nation, what will it matter if internal thieves or foreign entities steal our property? The government may be our biggest threat.

Bob Hayes, Managing Director, Security Executive Council: Big business in many sectors has downsized R&D budgets in favor of venture capital programs that identify and purchase start-up companies with proven products and businesses. These "incubator businesses," which are often small and medium sized businesses, are rapidly becoming the source of innovation and technology development.

If these companies' intellectual property and financial well-being only impacted their own company and employees, the risk would be significantly minimized; however, these companies are often the supply chain of the Fortune 1000.

The farther out you go in America's supply chain, the more risk increases. SMBs tend to be less aware of threats, and consequently, they tend to spend less on security and risk mitigation efforts.

Some of the biggest threats for these businesses - threats that occur in SMBs more often than large companies and have a greater proportional impact - are workplace violence, cyber attacks and viruses, and intellectual property theft and counterfeiting.

Ann M. Beauchesne, Vice President, National Security and Emergency Preparedness Department, U.S. Chamber of Commerce: Businesses need to be ready to handle unexpected threats - whether they are natural or man-made. Over the past year, earthquakes, volcanoes and floods have devastated communities and had dramatic global economic effects, such as disrupting air travel. Businesses need to anticipate the kinds of challenges that Mother Nature or bad actors may throw at them and be prepared.

Roughly a quarter of small businesses that close following a major disaster don't reopen. The failed Times Square bombing demonstrates that terrorists may be increasingly singling out targets that aren't as hardened against attack.

Ferocious weather events, terrorist attacks, and Internet criminality (which is growing) don't just happen to "other people."

An essential level of preparedness against physical and cyber threats gives small businesses an advantage over their competitors, and, should disaster strike, you will have taken the steps necessary to better keep your employees safe and secure and maintain operations.

NEXT MONTH'S QUESTION: How can I keep employees engaged in security awareness (long-term) without desensitizing them to awareness messages?

For more information about the Security Executive Council, please visit
The information in this article is copyrighted by the SEC and reprinted with permission. All rights reserved.