Aberdeen’s “Research Meets Reality” is a digital series that provides an unparalleled convergence of thought-provoking research with real-world anecdotes. In this episode, Mike Lock speaks with Aberdeen’s Cybersecurity Research Director, Derek Brink, about the steps today’s small businesses can take to secure their online entities while staying on a budget.

According to Aberdeen’s most recent small business technology research, Data Security is one of the top technology challenges small businesses face…yet their #1 challenge is a lack of in-house technical expertise.

This video discussion goes into detail, uncovering whether security is a significant unmet need for small businesses. Many indicate that they must improve data security efforts as well as improve the overall employee user experience. However, several small businesses demonstrate a lack of technical expertise to implement and manage new systems. This is the #1 concern regarding new investments in technology for small businesses.

In this video, Brink discusses two goals of security:

  1. Manage downside risks to an acceptable level, and
  2. Enable / protect upside opportunities

Additionally, if you’re a small business owner or manager today, there are questions you need to ask yourself: How should you be thinking about security? What are the major aspects of your digital footprint that you should be concerned with? For this, Brink speaks to the classic “C.I.A. Triad” of security: confidentiality (aka privacy), integrity, and availability. To tie this back to the overall discussion: unplanned downtime maps to the “A”, a data breach maps to the “C”, and ransomware could be both “A” and “C”.

Aberdeen research shows that about half of small businesses have a total annual tech budget of less than $50k. For even smaller companies, those with fewer than 25 employees, half have a budget of less than $20k. This video answers questions like: How do you prioritize security solutions with this degree of resource limitation? Are there best practices that perhaps don’t involve technology investment at all? There are also no-cost/low-cost things like keeping patches up to date, common sense behaviors with respect to phishing, etc.

As Brink explains, the overall takeaway from this episode of Research Meets Reality is that first and foremost, information security is a business issue, not a technical issue — if you’re in a technical role, you need to start with the business needs, the risk perspective, and then translate that back to the technologies and processes that are needed to deliver that.