If your business is just getting started, or if you’re considering expanding, it’s important to think about what you can do to ensure that your data – and your client or customer data – remains secure. Below, you can learn more about how much SMBs really spend on cybersecurity. This can help you make better choices for your own business’s needs.
Many small to medium business owners make the mistake of believing that because their companies are not as large as some of their competitors’, they are simply not at risk for cyber threats. This couldn’t be further from the truth. Numerous reports show that about half of all cyber attacks aimed at business are aimed at small business and 68% of all small businesses experienced a cyber attack in the last 12 months. Because of this, every business needs to budget for cybersecurity. Viruses, phishing scams, and ransomware are all very real threats regardless of your company’s size, age, or revenue.
For most companies, cybersecurity budgeting is part of IT budgeting; managed IT service providers often offer security in the form of antivirus programs and even email security as part of their packages. On average, SMBs spend 5% to 20% of their total IT spend on security. This means that if your company spends $5000 a month on IT, you should expect to spend $250 to $1000 on cybersecurity alone.
Whether you should spend 5% or 20% depends on a wide variety of factors, too. These include:
Like many SMB owners, you may feel that $250 to $1000 per month is a lot of money to spend on cybersecurity. However, rather than viewing it as an additional expense, it’s better to see it as an insurance policy against a data breach. IBM’s 2019 Cost of a Data Breach Report shows that, on average, data breaches cost companies $3.92 million. Small business breaches can cost an average of $120,000 to $1.4 million – and many don’t survive. A breach can not only drain your bank account, but it can also close your business.
If you still view cybersecurity measures as a luxury rather than a necessity, now is the time to reconsider. No matter how small your business might be, no matter what industry it’s in, and no matter how careful you and your employees might be, if you collect, manage, or share customers’ information, you can be a target.
Twitter has issued an alert to users prompting them to change their passwords after it was discovered some users' passwords had been recorded in a plain text log file accessible by Twitter employees. Twitter has issued a message to most users alerting them of the issue with the following statement:
We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password.
Twitter masks passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. Twitter Chief Technology Officer, Parag Agrawal, stated “This allows our systems to validate your account credentials without revealing your password. This is an industry standard.” Due to a bug, passwords were written to an internal log before completing the hashing process. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
While Twitter’s security team determined that it was unlikely that the passwords had been leaked or misused, we highly recommend you change your password for any sites or services that utilized the same password.
We love our customers and try to make getting the right security camera for them as great as possible. Discover how easy it is to safeguard your assets, better serve your employees, and improve the day-to-day operations of your business with a surveillance system that’s built to help in more ways than one.
You'll be able to buy great quality surveillance equipment at reasonable prices. At Pennyrile Technologies, we use higher quality components, and that's a difference you can see. We also offer a 3 year hardware warranty on all security cameras we sell.
Many competitors use no-name knock-off parts. Not all HD 1080P cameras are equal. Lower quality processors have slower bitrates which cause motion blur and compression blur. Our cameras have at least 4Mbps in processing power. This means your image will be far more crisp and clear.
We offer security cameras with all the features you need to help protect what matter most. We specialize in indoor and weatherproof outdoor security cameras, featuring dome, bullet, PTZ, and low-profile camera styles. Our HD security cameras deliver great picture quality, and our outdoor cameras are designed for all kinds of weather conditions. Most models feature infrared night vision capabilities that will continue to keep your property safe through the night. Vandal resistant designs and rugged exteriors ensure uninterrupted service should someone attempt to disable or destroy them. Pennyrile Technologies can help provide you peace of mind in knowing that your business is protected around-the-clock.
Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor. SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.
Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.
Cybercriminals Target Companies with 250 or Fewer Employees
Research is continuing to show that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.
View Security Measures as Investments
CEOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.
Would-be business partners have likely already asked for specifics about protecting the integrity of their data. Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer "yes" to any question about security, find out what it takes to address that particular security concern.
Where a Managed Service Provider Comes In
Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.
An MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.
Email us at email@example.com or use our contact form to see how Pennyrile Technologies can help your business today.