July 3, 2018 By Kevin Beaver 3 min read

Have you ever been in a situation where multiple adults are attempting to solve a problem, but a small child is the only voice of reason in the room? Children often lack a filter — and have a unique type of wisdom that can only stem from a young person’s perspective of the world. Why can’t we harness these powers for the business world?

Well, small and midsized businesses actually can offer valuable security lessons to business leaders at larger organizations.

Security is an imperfect field that involves many aspects of politics, culture and (above all) common sense. But small and midsized companies tend to have advantages. Why? They’re not as set in their ways as large enterprises, they don’t have as many internal conflicts and they often don’t have a shareholder-centric business model. As a result, smaller businesses tend to make decisions more quickly.

The Vicious Cycle of Bystander Apathy

For large organizations, it often takes a dozen weeks — and a dozen people — for even the smallest tasks to get started. It’s an unproductive mess, to say the least.

In many cases, these businesses appoint the wrong people to make important decisions and are therefore ill-equipped to execute them. It’s the epitome of bystander apathy: Everyone is sitting around the table looking at everyone else, assuming they’re going to take care of things. Then, months — and even years — pass and nothing happens. The cycle continues as security risks grow.

Then there’s security implementation: Most larger businesses have mastered the bureaucracy aspect of security. There are cool titles, figureheads and documented policies — but nothing of substance is getting done. Small and midsized businesses, meanwhile, are better positioned to identify security risks, see opportunities for improvement and immediately act on their discoveries. They get the budget, procure the product or service and implement (as necessary) to see it through. They then integrate the management of the product or service within their own business needs or environment.

Poof — it just works!

Why Security Must Be a Shared Responsibility

What is perhaps the most significant thing that stands out about smaller businesses? When it comes to security, everyone chips in. Rather than deflecting responsibility, more nimble organizations are full of people who do whatever it takes — whether that means evangelizing the security message among employees, working with business partners and customers to ensure that security requirements are met on the sales and marketing side or outsourcing security to the proper vendor.

When everyone works together to make security work, it sets the business up for tremendous success over the long haul.

For security to work effectively in larger organizations, it requires more motivation, more effort and the necessary talent to see it through — the latter of which is often missing. Of course, there’s no changing certain aspects of big businesses because some bureaucratic complexities simply cannot be stopped. But they can be overcome with the proper discipline on the part of executive management, both inside and outside of IT.

Knowing what we know today, security must be a highly regarded, board-level issue that is managed like any other critical business function.

Translate Security Lessons Into Forward Progress

Even with strong management support, it’s dangerous and frankly unrealistic to assume that everyone will do all the right things all the time. This assumption is probably the most difficult security challenge to overcome for larger businesses because everything is as it is — and it’s unlikely to change. In small and midsized organizations, it’s easier to shape behaviors, implement more meaningful security controls and even adapt business processes when necessary.

Pay attention to this security reality: If you work for a larger organization, do what you can to adapt and progress. There are so many opportunities to right the ship at the grassroots level — even when it seems like your voice isn’t heard.

Simple things done well over time will get noticed and can ultimately make a big difference in the business and its security efforts. If you manage security in a smaller organization, know that security is not going to get any easier than it is today. Make it right and do things well so that you can grow into your security program over time.

For any business, regardless of size, the important thing is to approach security with a clean slate. Try not to let past decisions and experiences affect how you move forward today. When all parties involved take a measured and prescriptive approach, it’s possible to implement an effective security program in even the largest organizations.

Learn how to build a corporate culture of security awareness

More from Risk Management

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today