Sure, it is fun complaining about trying to implement security in small business IT, but there are some real advantages that help offset many of the problems we face.
People are a great example- we get to know them. You don't have to like all of them, but knowing a bit about the personalities in your company can bring some valuable insights. New exploit in the wild? You already know who your "high risk" end users are- you can focus on the people and machines that are the most likely to be exploited because of the nature of their work or their habits. You also know which users will actually listen when you tell them that no one is sending them anonymous eCards, so don't open them- and focus your efforts on the, let's just say "harder to train" end-users.
In small business, we have to do it all. On the other hand, in small business we get to do it all. We handle most projects from end to end and have a better understanding of complete systems because of the added perspective. We also get to know our networks and systems very well. We learn what to expect when lightning strikes or the power goes out. We have a pretty good idea which applications might break on Patch Tuesday and can plan accordingly. If we stop, think and apply this knowledge before we start new projects, we can prevent problems and create a more secure environment.
Small businesses often offer a better quality of work life than big corporations. It is still possible to find loyalty in smaller companies. Small companies are more likely to be flexible with schedules and other intangibles. At my "real job", we have just over one hundred employees; about a quarter have been with the company over eight years and four of us have been here over twenty. That doesn't count the owners or their family. And that's in an industry with an average annual turnover above fifty percent. I don't think you will find many corporations that can put up numbers like that.
Yes, sometimes we have to battle to simply get a password policy, forget having a good one. Sometimes we simply have to cut corners (so do the big guys). But there are real opportunities in small business IT, so use them to your advantage.