Question: What threats should small and mid-sized businesses be considering in 2010 and beyond?
All too often, SMB owners believe they are not targeted or that they don't face the same risks as big business. Understanding that the environment has shifted dramatically, and that the SMB has become the target of choice - intellectual property theft is critical, particularly since the majority of innovation in this country occurs in the SMB environment and big business has become a harder target to penetrate.
SMB owners have increasingly engaged online and offshore providers for a broad range of support, but generally have done little or no due diligence on these firms, which frequently steal intellectual property and customer data.
Organized retail crime has also shifted its focus to SMBs, as major retailers became better at identifying and neutralizing organized retail crime.
Internal: Make sure you properly review the background of current and future employees for criminal records and substance abuse. You can't lock someone out if he has the key to the front door.
External: SMBs need to realize they are the targets of Chinese competitors who would do anything to steal and counterfeit their technology.
Governmental: Mark Twain said, "No man's life, liberty or property is safe while Congress is in session." Our legislature has allowed institutions like Fannie Mae and Freddie Mac to be backed by taxpayer money; they let Wall Street run rampant. And then when they come in with a solution, it's to use more taxpayer money to bail them out.
If we bankrupt our nation, what will it matter if internal thieves or foreign entities steal our property? The government may be our biggest threat.
If these companies' intellectual property and financial well-being only impacted their own company and employees, the risk would be significantly minimized; however, these companies are often the supply chain of the Fortune 1000.
The farther out you go in America's supply chain, the more risk increases. SMBs tend to be less aware of threats, and consequently, they tend to spend less on security and risk mitigation efforts.
Some of the biggest threats for these businesses - threats that occur in SMBs more often than large companies and have a greater proportional impact - are workplace violence, cyber attacks and viruses, and intellectual property theft and counterfeiting.
Roughly a quarter of small businesses that close following a major disaster don't reopen. The failed Times Square bombing demonstrates that terrorists may be increasingly singling out targets that aren't as hardened against attack.
Ferocious weather events, terrorist attacks, and Internet criminality (which is growing) don't just happen to "other people."
An essential level of preparedness against physical and cyber threats gives small businesses an advantage over their competitors, and, should disaster strike, you will have taken the steps necessary to better keep your employees safe and secure and maintain operations.
NEXT MONTH'S QUESTION: How can I keep employees engaged in security awareness (long-term) without desensitizing them to awareness messages?
For more information about the Security Executive Council, please visit www.securityexecutivecouncil.com/?sourceCode=std.
The information in this article is copyrighted by the SEC and reprinted with permission. All rights reserved.
