How Vulnerable is your Small and Medium-sized Business? [UPDATED]

Are you aware that the best targets for hackers and malware authors around the world are small and medium sized businesses? The reasons for this are aplenty, but the most crucial cause of this is that smaller businesses have multiple points of vulnerability. Moreover, the security practices that they adopt also fall short of the methods adopted by larger businesses and corporations.

How Vulnerable is your Small and Medium-Sized Business

So while it may seem that attackers chase after bigger corporations because there is more money to be stolen and resources to be tapped, the reality is often quite different from that. With this small quiz that we have devised for you, you can determine if your small or medium sized business is facing security risks.

1. Which of the following employee activities do you think is most risky?

a. Downloading suspicious attachments
b. Using the same passwords for a long time
c. Clicking on suspicious links and ads
d. All of the above

ANSWER – All of the above. When the issue of SMB vulnerabilities comes up, all of the aforementioned factors come into play. Human negligence and employee behavior often lead to security breaches, so they should be contained with the right training and awareness.

What you can do – Conduct quarterly or half-yearly cyber safety awareness programs for all your employees. Begin by including information about the common types of threats like social engineering attacks, phishing emails, data leakage, bring your own device (BYOD), mobile malware and advanced persistent threats (APT). Break these sessions into modules and complement them with evaluation tests to assess how much an employee has learned.

2. SMBs do not actively seek out breaches, but find them by accident.

a. True
b. False

ANSWER – True. This is true because firstly, not many SMBs have data encryption techniques in place. This leads to a situation wherein data breaches go undetected for months on end at a small or medium sized business. Detection techniques are also not highly advanced, leading to the same.

What you can do – Deploy an effective Data Loss Protection mechanism in your network. This mechanism should be able to regulate data transfer channels such as removable drives, network sharing, web applications, online services, and system clipboards to name a few. It should also efficiently monitor data based on its nature.

3. Employee mobiles and devices are hotbeds of sensitive company information.

a. True
b. False

ANSWER – True. Employees often access company accounts and data on their personal devices, especially in SMBs. This often leads to the possibility of this sensitive data getting breached, because these personal devices are not as secure and protected as official company devices.

What you can do – Go for a Mobile Device Management (MDM) solution. Having this infrastructure in place can let your employees have the privilege of mobile productivity without compromising the security of your corporate network. As the name suggests, an MDM is an easy way to secure mobile workspace in businesses by ensuring that all such devices comply with the company’s security policies.

4. Which of the following is the biggest danger of an SMB facing a security breach?

a. Loss of confidential data
b. Loss of employees
c. Loss of reputation
d. All of the above

ANSWER – All of the above. When a data breach occurs, sensitive and crucial data is lost and falls into the wrong hands. This can be misused against the company and in turn lead to a loss of employee base and a definite nosedive for the reputation of the company. For SMBs, a security breach can be pretty lethal.

What you can do – Invest in an endpoint security solution that can take care of the security of every endpoint connected to your corporate network from a single console. Besides having features specifically designed to ward off malware and Internet threats, and prevent data theft, this solution also comes with business productivity features.

5. What percentage of SMBs back up their data on a regular basis?

a. More than 75%
b. Between 60% – 75%
c. 50%
d. 25%

ANSWER – 50%. Only half of such businesses regularly backup their data and even lesser than that have a disaster recovery plan in place. What this means is that when a data breach occurs, the downtime is significant and the loss of data is not negligible.

What you can do – Regularly back up your corporate data. You can schedule an automatic backup at a preferred time. You may choose a cloud infrastructure or physical devices for the backup. Ensure that you go with a trusted vendor with a dedicated customer support channel.

6. If an SMB monitors and manages its user privileges, it is more secure.

a. True
b. False

ANSWER – True. Security can be maintained if a company regularly monitors and manages all the user privileges and entitlements that it provides. Apart from this act, other precautions that enterprises should take are hiring credible IT staff members, adhering to IT policies and also carrying out effective background checks of their employees.

What you can do – The endpoint solution that you plan to deploy should also provide a solution which can be used to define user groups based on the hierarchy within the enterprise.

After reading this, what do you think about the enterprise security methods that your business has adopted? If you are looking out for some innovative and efficient security solutions for your SMB, or even your large corporation, we have a range of products like Seqrite Endpoint Security on offer for you. This solution comes with all the essential features required for any SMB to keep its network and data safe from Internet and malware attacks.

We understand the importance of data security and avoiding breaches for small business. With simple solutions that are designed to delight you, we promise to safeguard your organization’s security and help you reach greater heights.


This post has been updated as of 24.06.15.


Rahul Thadani

Rahul Thadani

No Comments, Be The First!

Your email address will not be published.