While two of five small-and medium-sized businesses still don't have an online presence, those that do increasingly worry about the security of their data, in particular, as they conduct more business through their Web sites. A June 2010 survey by Symantec of 2,152 global SMBs revealed small businesses rank online attacks and information loss as their top business risks.
It's understandable; 73% reported they were the victims of cyberattacks in the past year and 42% said they had lost confidential or proprietary information. And considering the costs of a single breach: $202 per customer record according to a Ponemon Institute study, security continues to be a growing concern. SMBs also wonder about security with cloud computing, the Internet service which enables users to share resources and information and which is provided to users over the Internet and on-demand.
And for those SMBs that work with a Web hosting provider, they don't always know how breach-proof their Web site is, especially given the security of their site is largely based upon the infrastructure their hosting partner is providing. This includes being fully compliant with data security and privacy regulations. Here are some tips SMBs should consider when assessing a current or prospective Web hosting provider's security.
What features ensure that systems, applications, and data residing on them are secure?
These include the physical security of the provider's network operations center, data centers, and individual servers as well as the robust nature of its systems security -- its firewalls and intrusion-detection and prevention systems. Make sure, for instance, that if something happens to the provider's main data center, there are proper backup plans in place.
Specifically, how do I tell just how secure a Web hosting provider is?
Use several approaches. Ask about internal firewalls. Find out what they use to keep the nasty people out, and then go online to see what people say about those products. And check about backups and whether they back things up for you. How many levels of backup do they provide?
What other questions or observations can I use?
See if the provider offers 24/7 phone support that's toll-free in your area. If a person answers your call rather than a recording, that's a plus.
Are there other security concerns to consider as I expand my e-commerce capabilities?
Determine if the host provides secure hosting using SSL, and a "Shopping Cart." SSL is necessary to collect credit-card payments on your site.
What about security concerns, if any, under cloud computing?
Generally, cloud computing solutions have focused on large enterprises, but solutions are becoming more germane and better focused on challenges impacting SMBs. You should look specifically at a Web-hosting provider that recognizes how different the needs of SMBs are than those of enterprise organizations. What the "cloud" offers, basically, is a way to leverage the resources of the Internet, such as increasing capacity or adding capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. It encompasses many subscription-based or pay-per-use hosting services that, in real time, extends existing IT capabilities.
In addition, cloud-computing services provide additional dynamic and on-demand features that SMBs will find advantageous. These services may also prove valuable as an SMB's business grows. With the click of a button, SMBs can upgrade services with their provider and better serve new customers.
Clearly, security is -- and should be -- of critical concern to SMBs, especially if they engage heavily in e-commerce. Until recently, there was a perception that cyberattacks were something only enterprises should worry about. But as hackers persist and get more sophisticated, SMBs are getting very serious about protecting their information and securing their data. Which is why it is critical for small businesses to address security concerns as they expand their online presence.
Mitch Merrifield is senior director of managed computing solutions for Verio.