Every six to eight months, a zombie attacks the e-mail server at Guy Brown, a Brentwood (Tenn.) company that refurbishes and sells office products. It's not a Dawn of the Dead zombie, but a virus that invades computer systems to send bogus junk mail. The intruder has even caused one of the $150 million company's biggest customers to stop accepting its e-mails. "A small business is about the relationships you have," says Philip Markuson, senior vice-president for operations at the 70-employee company. But cyber compromises can make clients start wondering whether "you have trouble running your business properly and diminish the trust you've built up," he says. That's why Guy Brown is upgrading security for its technology infrastructure, including spending about $5,000 to create a virtual padlock to keep out Internet hackers.
Smart move, and one that is not as common as it should be. More small businesses now have Web sites and e-commerce capabilities—potentially exposing company and customer data to thieves—but lack the safeguards many big companies have in place. About 57% of small companies don't think they need a formal plan to secure their data, and 61% say they never sought information on properly protecting their files, according to a March, 2007, survey by the National Federation of Independent Business and Visa USA. "Criminals look for the weakest link in the chain," says Gurpreet Dhillon, a professor of information systems at Virginia Commonwealth University. "Where's the weakest link? Small businesses."