Businesses have security challenges, particularly with regard to their information, which can result in the loss of personal data. Both large and small firms are vulnerable to cyber attacks, but cyber thieves prefer smaller businesses (Majchrzak, 2014). Small business owners believe their company's size is negligible and do not perceive the necessity to fully protect their data. They believe that because they have fewer consumers and credit card numbers, cyber attackers will avoid them. However, cyber criminals are not simply interested in passwords and credit card details, therefore smaller firms are more vulnerable to information insecurity than larger organizations. The needs for information security for small businesses are more than in large organizations since they are greatly targeted due to ease of access. Hackers know that mall enterprises lack resources and policies on cyber security thus, hacking their unprotected systems is very easy. Small enterprises also have everything the hackers want since they have information related to customers, employees, and other organizations such as banks they operate with (Nguyen, Newby & Macaulay, 2015). They are also many and tend to provide a big market to be exploited by cyber criminals. Larger organizations have tightened their security systems pushing the criminals to look for smaller enterprises. Small businesses need more security for their systems since non-compliance costs are high especially if they are attacked and vital information stolen.
2. It is a good idea to adhere to IT security policies as required by governments regardless of the costs involved since it helps in preventing unauthorized access to citizens' information, reduces loss, corruption, and prevents disclosure of information. The policies help in ensuring confidentiality since important information is not revealed to third parties, which increases integrity of a venture (Siponen, Mahmood & Pahnila, 2014). It is for the best of everyone including the government, organization, and customers that proper management and operation of the systems is done efficiently regardless of the costs. This ensures business continuity, protection of customers' data, and compliance with regulations. If no policies are put in place, every business will act according to its perceptions of management causing confusion and risking the information of the clients.
References
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224.
Majchrzak, A. (2014). Information security in cross-enterprise collaborative knowledge work.
Nguyen, T. H., Newby, M., & Macaulay, M. J. (2015). Information technology adoption in small business: Confirmation of a proposed framework. Journal of Small Business Management, 53(1), 207-227.
