July 3, 2018 By Kevin Beaver 3 min read

Have you ever been in a situation where multiple adults are attempting to solve a problem, but a small child is the only voice of reason in the room? Children often lack a filter — and have a unique type of wisdom that can only stem from a young person’s perspective of the world. Why can’t we harness these powers for the business world?

Well, small and midsized businesses actually can offer valuable security lessons to business leaders at larger organizations.

Security is an imperfect field that involves many aspects of politics, culture and (above all) common sense. But small and midsized companies tend to have advantages. Why? They’re not as set in their ways as large enterprises, they don’t have as many internal conflicts and they often don’t have a shareholder-centric business model. As a result, smaller businesses tend to make decisions more quickly.

The Vicious Cycle of Bystander Apathy

For large organizations, it often takes a dozen weeks — and a dozen people — for even the smallest tasks to get started. It’s an unproductive mess, to say the least.

In many cases, these businesses appoint the wrong people to make important decisions and are therefore ill-equipped to execute them. It’s the epitome of bystander apathy: Everyone is sitting around the table looking at everyone else, assuming they’re going to take care of things. Then, months — and even years — pass and nothing happens. The cycle continues as security risks grow.

Then there’s security implementation: Most larger businesses have mastered the bureaucracy aspect of security. There are cool titles, figureheads and documented policies — but nothing of substance is getting done. Small and midsized businesses, meanwhile, are better positioned to identify security risks, see opportunities for improvement and immediately act on their discoveries. They get the budget, procure the product or service and implement (as necessary) to see it through. They then integrate the management of the product or service within their own business needs or environment.

Poof — it just works!

Why Security Must Be a Shared Responsibility

What is perhaps the most significant thing that stands out about smaller businesses? When it comes to security, everyone chips in. Rather than deflecting responsibility, more nimble organizations are full of people who do whatever it takes — whether that means evangelizing the security message among employees, working with business partners and customers to ensure that security requirements are met on the sales and marketing side or outsourcing security to the proper vendor.

When everyone works together to make security work, it sets the business up for tremendous success over the long haul.

For security to work effectively in larger organizations, it requires more motivation, more effort and the necessary talent to see it through — the latter of which is often missing. Of course, there’s no changing certain aspects of big businesses because some bureaucratic complexities simply cannot be stopped. But they can be overcome with the proper discipline on the part of executive management, both inside and outside of IT.

Knowing what we know today, security must be a highly regarded, board-level issue that is managed like any other critical business function.

Translate Security Lessons Into Forward Progress

Even with strong management support, it’s dangerous and frankly unrealistic to assume that everyone will do all the right things all the time. This assumption is probably the most difficult security challenge to overcome for larger businesses because everything is as it is — and it’s unlikely to change. In small and midsized organizations, it’s easier to shape behaviors, implement more meaningful security controls and even adapt business processes when necessary.

Pay attention to this security reality: If you work for a larger organization, do what you can to adapt and progress. There are so many opportunities to right the ship at the grassroots level — even when it seems like your voice isn’t heard.

Simple things done well over time will get noticed and can ultimately make a big difference in the business and its security efforts. If you manage security in a smaller organization, know that security is not going to get any easier than it is today. Make it right and do things well so that you can grow into your security program over time.

For any business, regardless of size, the important thing is to approach security with a clean slate. Try not to let past decisions and experiences affect how you move forward today. When all parties involved take a measured and prescriptive approach, it’s possible to implement an effective security program in even the largest organizations.

Learn how to build a corporate culture of security awareness

More from Risk Management

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today