Effective Information Security Strategies for Small Business

The purpose of this quantitative ex-post facto study was to evaluate a small business information security system composed of a computer-use policy, information security training, and virus and malware protection. The DeLone and McLean Updated Success Model provided the foundation for the small business information security system model and constructs measured in the survey. The population consisted of small businesses with less than 100 employees and independent (non-franchise) in North Carolina, South Carolina, Georgia, Florida, Alabama, and Tennessee. The model contained four relationships incorporated into four research questions and four hypotheses including four null hypotheses. Each of the three components indicated a positive relationship with the variable of positive use experience. Recommendations include small businesses using the small business information security system as a comprehensive system to protect their business from security incidents. Information technology consultants should implement this comprehensive security system for small business clients to prevent security incidents.