SMBs vs. enterprises: Does data security differ between the two?

Different people – and different companies – have varied interpretations of data security. Maybe you’re a small corner store, and for you, “security” always translated to locks on your doors and new tapes in your surveillance camera. Or, maybe you’re an international tech enterprise, and the word conjures thoughts of extensive antivirus and endpoint security software focused on keeping hackers out of your system. However, it doesn’t matter if you’re dominating the data security game or barely keeping your company afloat. If you’ve ever tried to protect your business from a threat, you know there will never be one approach that applies to every organization. The search for a silver bullet will only waste your time.

Below are three tenets of data security that resonate in different ways for enterprises and small to medium-sized businesses (SMBs). No matter the size of a company, one thing is certain – the key to protecting sensitive data is understanding the risks your team is facing.

Security team size

Gartner defines an SMB as a company with fewer than 100 employees, or less than $50 million in revenue. Within organizations of this scale, it’s not uncommon for one small team to handle IT support, data security and a few other garden-variety technology tasks. For such teams, it’s important to stay educated about security threats and keep up to date with the risk landscape for your business.

Meanwhile, enterprises might have multiple layers of security and IT teams, each dedicated to different responsibilities. For organizations of this scale, education is equally important – and if an employee notices an issue or area that could be made more secure, she should feel comfortable starting a conversation that travels through the reporting chain.

Types of data you collect

An enterprise’s data security strategy might include encryption, frequent backups, a formal sensitive data disclosure process and other safeguards that are untenable for some SMBs. Those processes might also create an expanse of unstructured data, which must be secured and protected like any other data type, and introduce management issues that SMBs deal with less often. Still, the type of data a company gathers and retains often depends on its industry; a two-person criminal defense firm, for example, might be storing files that could personally endanger victims from former cases if they were leaked. Regardless of company size, any organization that facilitates monetary transactions, drives marketing campaigns with data or occasionally disregards safe data retention and transfer policies will put its users in serious danger if it’s not careful.

The universal damage of a breach

In some ways, enterprises can absorb costs related to security issues in ways SMBs can’t. For example, Rhode Island’s recent Identity Theft Protection Act implores companies to adhere to “reasonable security procedures” while charging penalties of up to $200 for organizations that expose residents’ private data. While the act aims to incentivize companies to improve data security, it provides few training or educational resources for SMBs – in a carrot-and-stick comparison, it’s 100 percent stick, no carrot.

Whether you’re aiming to secure data on a shoestring budget or enlisting a team of seasoned experts to protect your information, a security breach could lead to your customers, employees and partners suffering from stolen identities, financial issues and worse. And no matter the size of your company, it’s tough to regain customer trust after a security breach – period. It’s critical for companies of every size to maintain visibility into their data, stay up to date about the security climate and dedicate resources to keeping their information safe.

To protect your enterprise or SMB, think twice before sending three data types to the cloud.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.