SMBs are vulnerable to the same security threats as larger organisations. Here is how to protect your valuable data from breaches, hackers and other dangers.
Small and mid-sized business (SMB) owners may have misconceptions that leave them vulnerable to cyberattacks, data loss and service disruptions.
Shielded by little more than a firewall and a false notion that they are too small for hackers to target, many SMBs don't take the steps needed to adequately protect themselves. If you don't take the necessary precautions to secure your network, then it's not a question of if you will be breached, but when you will be breached.
However, knowledge and expert help can deflect cyber-threats. Here are four keys to preventing a security breach on your network:
1. Don't be low-hanging fruit
You might be a small business, but cybercrime is big business. It's growing and well organised. News of attacks on huge companies like Sony or Google, which make substantial security investments, only illustrates the capabilities of today's hacker. If a business stores customer or financial information online (or even works with a partner who does), it can be a lucrative target. Cybercriminals methodically test to find weak links. If the reward for breaching an SMB's defences is higher than the risk and challenge posed, it becomes an easy target.
2. An ounce of prevention is worth a pound of cure
Businesses often learn of their security vulnerabilities only once they are exploited. Worse, today's hackers are focused on hiding, sitting insidiously on the network to continually reap ill-gotten gains. Securing a network before it is compromised is considerably less expensive than later securing it, rebuilding reputations and paying fines or lawsuits. Such costs can force an SMB to close its doors, and no one wants to be the poster child for bad security.
3. New technology = new risks
New technology options, like social networking, introduce new attack vectors for cyber-threats. Criminals can use social networks to learn key facts about individuals for con artist-like social engineering to gain greater access. In addition, those pesky social network applications create a new window for possible malicious access into the network. Employees can also accidentally share information that competitors, the public and even criminals might ordinarily not have access to.
The bring your own device (BYOD) trend can provide advantages in terms of cost savings, allowing employees to use their own (or company-subsidised) smartphones, tablets and laptops. Still, these devices increase the surface area from which cyber-criminals can attack, and many existing security solutions do not protect new devices. Since these devices perform double duty as work and personal devices and may have multiple users, it's challenging to enforce corporate security policies. Plus, IT departments may find it difficult to secure devices from multiple vendors, in comparison to securing a standardised corporate device.
Another security issue with smart devices is that they can store data locally. Since these devices are more susceptible to being lost or stolen, you must put the appropriate safeguards in place (e.g. encryption, multi-factor authentication and remote wipe). Otherwise, a lost or stolen device can result in a cybercriminal gaining physical access to confidential data. It's important to consider all of these BYOD security challenges before letting employees use their iPads for business.
4. Mind your P's
Good security isn't just about having technology in place. Good security is a three-legged stool balanced on people, processes and technology. Employees must be trained to act correctly and safely, and policies must be put in place to reinforce the actions that comply with the company's security needs, compliance requirements and customer expectations. Take away any one of these, and everything collapses.
Defending against these "attack vectors" is a daunting task for even the largest businesses. Monitoring security 24/7/365, as needed today, requires a minimum staff of five hard-to-come-by security experts, and many SMBs have only one IT resource who manages everything.
An answer to this problem is reaching out to a managed security service provider (MSSP) for help. Industry analysts have recently recognised the valuable role MSSPs play in keeping businesses secure. Look for an MSSP who is recognised as a leader in its industry and offers proven expertise in securing both its own communications network and those of its customers.
Craig Deveau is the senior product manager, managed security services, for Allstream, a Dell SecureWorks reseller partner based in Toronto.