What to Fix, What to Manage and What to Outsource

The risk posture of small and medium-sized businesses has changed a lot over the last few years. Bluntly: small businesses inherited a series of digital risks. Many of these risks, such as supply chain and cloud-related risks, can wound and devastate a small business. Meanwhile, the enterprise, armed with more resources, could sustain the shock. When, and how, do you need to boost your small business cybersecurity? 

There are non-digital risks too. (Think manufacturing, raw materials and non-software supply chain issues.) These make operations fragile but still may have a digital trail somewhere. These issues also impact small businesses, which, by themselves, have very little influence over them. 

Despite this fact, small businesses make up almost 99.9% of businesses in the U.S. and employ nearly half of the workforce, even during the COVID-19 shutdowns, according to the U.S. Small Business Administration (SBA). Therefore, with such a huge footprint on and threat to economic stability, it is no surprise that the SBA offers some basic guidance to small businesses to stay safe from cybersecurity threats and recover from disasters. 

But there is good news for small businesses, too. They can leverage some enterprise-level material to become more resilient. The concepts and methodologies are often the same; it is the application and details that are adjusted based on scale and scope. 

Why Does Small Business Cybersecurity Matter?

Before, small businesses enjoyed some ‘cyber immunity’. Candidly, operations were simpler, at least from a technical sense. Weathering a ‘cyber storm’ was easier because of fewer dependencies, such as not relying on a digital database. Small businesses were more likely to use paper records, which are at risk to different types of threats, but nonetheless protected from the digital space.

Many of these protections have eroded, though, because of e-commerce. Good ole fashioned cash and register or copper line, modem-connected credit card authorization machines are now replaced with a mobile phone, a card reader adapter and a 5G connection

Growing up in a small, family-owned business, the closest thing we held to…