Microsoft: Majority of Small Businesses Feel Vulnerable to Security Breach

Microsoft is adding protection against phishing attacks, ransomware and support for data-loss prevention to the small business edition of Microsoft 365, the company’s subscription-based bundle launched last year that includes Windows 10 upgrades, Office 365 and the Enterprise Mobility + Security (EMS) service.

One feature added to the Microsoft 365 Business edition is the scanning of email attachments using the company’s latest AI-based analytics to detect and remove malicious messages. The scanning extends to links in messages to detect whether they’re tied to any phishing attempts and offers protection against connection to ransomware and other sites that have malicious content.

Microsoft 365 Business will start letting customers protect data by defining policies identifying information deemed sensitive. It includes an upgrade to the Outlook mail client that can enforce encryption rules and prevent users from forwarding and copying email content. It will also enforce email backup and retention policies as well as BitLocker device encryption on Windows PCs to ensure information isn’t exposed from a stolen or lost device.

Many of these capabilities are available in the Microsoft 365 enterprise subscription that the company decided to bring down to the SMB version, released six months ago. Priced at $20 per month, Microsoft has said partners can position the added security and management services at a $7.50 increase over the $12.50 per month Microsoft 365 Business offering. It’s targeted at small and midsize business with up to 300 seats. But the sweet spot for Microsoft Office Business is those with 20-100 employees, said Bryan Goode, general manager of Microsoft’s small business segment, in an interview.

“The target market of customers that are going to be most interested in Microsoft 365 will tend to be those with 10-20 employees all the way up to 250 in the next year,” he said. “We think there’s a broad applicability for this set of capabilities.”

Microsoft 365 Business is primarily delivered by partners, Goode said.

“I think this gives partners an additional bit of value … instead of just going and selling productivity. And you know, thinking about customer productivity problems, it really expands the market opportunity beyond that,” he said.

The added security comes amid findings by Microsoft that most small business owners and managers fear they’re vulnerable to data breaches and admit they lack the basic security tools to protect themselves.

A substantial 71 percent of small business owners and managers believe that they are at risk of falling victim of a cyberattack, according to results of a survey conducted by YouGov for Microsoft. That figure rises to 87 percent among those who already have suffered a breach. Only one-half use some form of email encryption, and three in five (59 percent) don’t have any way to remotely wipe data from a lost or stolen device, according to the poll of 1,000 small business managers. Among those surveyed, more than half (53 percent) said they handle social security numbers, and more than one in four (29 percent) store bank account records.

“The results are pretty devastating when a small business suffers a data breach,” said Goode. Among those who suffered a crippling major breach, 60 percent are at risk of going out of business within six months, Goode added, though he was unable to qualify that finding.

Small business owners and managers are most concerned about falling victim to phishing schemes (73 percent), compromised passwords (73 percent), ransomware (72 percent), data leakage (71 percent), spoofing attacks (70 percent), zero days (65 percent), and information stolen from a lost device (64 percent).

Half of the respondents haven’t implemented more sophisticated security capabilities because they can’t afford it. More than one-third believe implementing better security requires costly specialists, and one-quarter are afraid of deploying the wrong technology.  

Microsoft released the findings and the new security features to Microsoft 365 in conjunction with National Small Business Week, the annual week of recognition to small businesses, which kicks off today.