Information Security Practices In Smallto-Medium Sized Businesses: A Hotspot Analysis

Small to medium-sized enterprises (SMEs) in North America do not always adequately address security. Based on responses from 232 SME owners and managers, the authors found that the adoption of security recommendations made by experts appear to be significantly influenced by the decisions of other local SMEs. A hot-spot analysis of information security practices suggested that local trends lead to prioritizing certain security practices and not adopting others. Follow-up interviews with business owners and Chamber of Commerce directors provided insights on how security hotspots developed or not. The study identified both hot spot and cold spot communities, and sought to assess how local business networking conduits like chambers of commerce help promote best security practices