Very small businesses (VSBs) with fewer than 25 employees are the least likely to view an IT game plan as a top strategic concern.

In fact, according to a Kaspersky Lab’s 2014 IT Security Risks report, only 19% of VSBs worldwide reported IT strategy as one of their top-two strategic concerns, compared to 30% of businesses with more than 100 employees, and 35% of enterprises with 5 000 employees or more.

This is a key challenge for VSBs, the report concludes, since an effective IT strategy is a vital component of any successful business, and if managed properly, can enable a small business to accomplish big things.

Many of small and very small businesses believe that they are too small to be targeted by cybercriminals and don’t have any data that cybercriminals would want.

However, Verizon’s 2013 Data Breach Investigations Report, which includes data from worldwide forensic investigations, found that of the 621 data breaches analysed, more than 30% occurred at companies with 100 or fewer employees. As soon as companies begin processing credit card payments, storing customer information, or even creating plans for new products, they possess information that is valuable to cybercriminals.

Some cybercriminals may prefer these “soft targets” that are known to have poor IT protection.

According to Kaspersky Lab’s survey, VSBs understand the dangers of online threats. When asked about their top concerns associated with business IT, 35% of VSBs ranked data protection among their top-three choices. This shows a lot of VSBs are aware that their IT strategy plays a vital role in protecting sensitive data and keeping their daily business operations from being crippled by malware and cybercriminals.

Also, VSBs are well-informed about the benefits – and security risks – of using mobile devices within their businesses, with 34% of VSBs saying they have integrated mobile devices into their IT systems within the past 12 months, a rate of adoption that is nearly identical to larger businesses.

Moreover, VSBs are actually leading the charge in mobile device security awareness, with 31% of VSBs listing “Securing Mobile/Portable Computing Devices” as one of their top-three IT security priorities for the next 12 months. This number seems high compared to the global average of 23% of all businesses that have prioritised future mobile device security for the coming year

These findings show that low VSB prioritisation of IT strategy – and, by extension, IT security – isn’t being caused by low awareness of important IT security issues. A reasonable conclusion is that a lack of budget remains the biggest barrier preventing VSBs from adopting more advanced IT and IT Security measures.

Therefore, Kaspersky Lab advises VSBs to invest in the security measures that will provide the most immediate benefit for the threats they commonly face.

According to VSB survey respondents who reported losing business data from a cyber-attack, 32% reported “malware” being the cause of their most serious incident, a rate that is double what was reported by enterprises (16%).

Another significant source of data loss for VSBs was traced back to “Software Vulnerabilities,” reported by 9% of VSBs, a rate that is nearly the same as the 8% global average citing this factor. This means software vulnerabilities
are a security issue that affects businesses nearly equally, regardless of size.

Kaspersky Lab recommends a comprehensive security solution as an investment VSBs should consider.