Question: For SMBs struggling to provide the upfront capital expenditure to purchase and deploy security technologies, what approach would you recommend?"

-  David DeCamillis, Platte River Networks


Answer: Traditionally, smaller businesses believed they were less likely to be targeted by hackers due to their size, but this simply is not the case.

Without the proper security measures, any organization—regardless of size—is vulnerable to data breaches.

AndersonFor example, one Midwest online retailer’s system was exposed to Cryptowall malware.

Within six months, the company declared bankruptcy.

Particularly for smaller businesses that are unlikely to have the resources to recover from a costly breach, this is a fairly common outcome.

If anything, such news should underscore to other small businesses the importance of comprehensive cybersecurity measures.

There’s no doubt that enhanced security technology can be expensive.

Fortunately, more SMBs are now looking to managed service providers to help them protect critical assets and customer data.

MSPs have a vast network of resources that SMBs can tap into to find the best and most affordable solution to meet their organization’s specific needs.

Although a recent Webroot study, issued in conjunction with Wakefield Research, revealed 80 percent of SMBs plan to use third party IT security resources in 2017, it can be difficult to know where to begin.

I recommend SMBs start with a professional security audit to truly understand the needs of their business and the current state of their security, then assess the best places to invest.

For instance if the retailer I mentioned previously had invested in some form of disaster recovery/business continuity measures, such as a backup, they’d have been able to recover from the breach, rather than going bankrupt.

Additionally, there are other simple steps organizations can take to keep themselves, their data, and their customers safe.

For example, organizations should keep software and operating systems up to date and apply patches as soon as possible.

Another important step is for organizations to know where their data is stored and how it is used.

Sensitive data needs extra care since it is a high-value target for hackers.

These days, when we’re talking about the possibility of a security breach, it’s more a matter of ‘when,’ not ‘if.’

While upfront costs or efforts may seem daunting at first glance, the consequences of not investing in the security technologies your organization needs could be significantly more devastating.

Given the increasing variety and prevalence of cyberattacks in recent years, the only way to stay safe is to determine and invest in the right blend of affordable, effective security measures.


George Anderson is director of product marketing at Webroot.

“Ask a Security Expert” is an occasional feature. Send tips and news to