Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses

Author: Craig Pollack Date: Jun 06, 2019 Topics: Cybersecurity

The big companies may be grabbing all of the headlines and attention when it comes to cybersecurity breaches, but did you know that SMBs have the most to lose in the aftermath of a data breach? From Target to Yahoo to LinkedIn to Equifax, it seems that every week we're hearing about another large company that's been hacked and how its sensitive information about us is now available on the Dark Web. As it turns out, hearing about things this way is really leading us to a false sense of security (no pun intended).

The reality is, small and mid-sized businesses may have even more to lose when it comes to being impacted by a cybersecurity breach. From the immediate damage (financial as well as lost productivity) to the lasting harm to a company's reputation, the stakes for getting your cybersecurity under control have never been higher for smaller businesses. According to the US National Cyber Security Alliance, an estimated 60% of small companies will go out of business within just six months of a cyberattack, illustrating the real-world consequences of inadequate cybersecurity measures.

As technology advances, so will the prevalence and scope of cyberattacks. Every day, the Internet of Things (IoT) is making our world more interconnected, with an estimated 20 billion IoT devices expected to be deployed by 2020. With this increased connectivity and greater reliance on mobile technologies come additional points of vulnerability - and the potential for greater damage from cyberattacks.

It's not about how big you are.  And it's not about no one wanting your information. This is simply the new reality of the digital world.

The Risk for Small and Midsized Companies

Statistics show that small and midsize businesses are more vulnerable than large corporations to a breach. In Verizon's 2018 Data Breach Investigations Report, 58% of malware attack victims were categorized as small businesses.

The most alarming statistics, however, relate to the potential monetary and long-term impact of a breach. The Ponemon study notes that in 2017, the average cost of cyberattacks on small and medium-size businesses was more than $2.2 million, with malware-related costs averaging more than $1 million in damages or theft of IT assets and more than $1.2 million as a result of the disruption to business operations. These are staggering numbers, and they help explain why an estimated 60% of small companies go out of business within six months of a cyberattack.

Being Proactive About Network Security Is the Best Protection

Given this landscape, maintaining a healthy and secure network not only ensures uninterrupted access to your technology for your business to operate effectively, it also speaks volumes about the quality and caliber of your organization as a whole.

Running an insecure network can cast a shadow of doubt on your organization in the eyes of existing clients — as well as prospective ones. However, while it may be counterintuitive, it’s astounding just how many businesses choose to be reactive in their approach to network security rather than proactive. They elect to only respond to threats when they arise rather than doing something in advance to help prevent them (or at least mitigate the risk of being susceptible to them) in the future.

As such, this means that some businesses choose the “Web MD” approach to their network health assessment. They use their in-house IT staff — people who are frequently overwhelmed or lack resources — to try to assess and handle their network health and security issues. But, considering that many businesses lack the necessary resources in terms of technology, time, and manpower, they may not be as effective as their organizations need them to be.  


Finding a high-quality managed IT network security provider to assess and handle your network health concerns is much like finding a knowledgeable and proactive healthcare provider. Would you want a doctor who merely treats the symptoms of health issues, or would you rather work with someone who looks for the underlying causes and recommends changes you can implement to prevent them in the future?


The most effective way to start is to begin with a network health assessment. Although this tool is frequently used to evaluate the overall network health and the quality of your IT services, it can provide some useful insights into your overall network security as well. This, particularly in conjunction with network penetration testing, is a great way to start to improve network security.

In addition, and if you don’t already know this, your employees pose the most significant threat to your firm’s and clients’ data. Employees are the weakest link in your cybersecurity defenses and are typically susceptible to social engineering techniques such as phishing attacks.

Whether your business is large or small, it’s critical that your company’s user security awareness training becomes a valued and integral part of your employees’ work life culture. I've put together a list of questions here to ask yourself (or your IT guy) to help assess the basic security level of your business’ network.


As a leading managed security services provider (MSSP) for organizations in the greater Los Angeles area, we've designed our approach to Managed Security Services (MSS) as an organized and effective way to detect and prevent intrusions, as well as help your employees prevent security events by learning about security threats so they don’t fall prey to attacks. Our recommended security services include:


Needless to say, cybersecurity is more complex than ever before and the ramifications are more far-reaching than most realize - especially for small to mid-sized businesses. Getting ahead of this proactively is the best way to ensure your business is best protected.

Are you doing everything you could be doing to protect your business? Or are you running into issues preventing this?  Be sure to share your thoughts in the comments section below or shoot me an email if you'd like to discuss this in more detail.




Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.