Small Businesses Need Protection from Security Threats

I have always been concerned with small businesses being protected against modern threats.

With the majority of my experience supporting small businesses, I have seen first-hand how devastating malware attacks can be.

If a server goes down in a large company that has thousands of servers, it becomes a priority call to the Data Center to get it back up.

Many corporate Data Centers have a time limit to get systems back up and running.

A standard policy might be to respond within the hour, and the server has to be back up in four. It is an inconvenience, but not always a really big deal.

If a server in a small business goes down that has a grand total of one or two servers, it could be detrimental to the business.

The same is true if confidential or proprietary information gets siphoned from a small business by a botnet or other type of malware.

Small businesses also do not have large IT support centers to install updates and patches. Many times IT support is one or two people who have other jobs to perform in addition to running the servers.

Small businesses are victims of cyber-crime, and sometimes are critical to US infrastructure.

According to a recent Fox Small Business Center article, Symantec found in an earlier survey that 60% to 80% of security issues could be resolved by a patch released six months or more ago, and also that 80% to 85% of critical infrastructure is in the private sector and a good portion of it is small businesses.

Small businesses need to become more aware of current security threats. In most small businesses the whole system defense scheme centers around firewalls and anti-virus. Most modern threats easily bypass firewalls and anti-virus.

So, what can small businesses do?

“According to Symantec, the first step is to develop and enforce IT polices. The policies need to be clearly defined and implemented across all locations of a business. That way, threats can be identified and taken care of regardless of what office it happens in.”

And also to make sure that software patches and updates are installed.

Zero day exploits, which are previously unidentified software exploits that allow hackers complete remote access to your system, are found constantly. Keeping up with these can be a chore, but is a critical step in protecting your network.

Along with security policies and update patching, I also believe that it is critical for small businesses to have some level of network monitoring installed.

A full blown intrusion detection system may be overkill, but just turning logging on in firewalls, routers and network devices may help track down attackers in case the worst happens.

Cross-posted from Cyber Arms

Copyright 2010 Respective Author at Infosec Island

Share article:
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

REPLY

You must login in order to reply.

Panel's Jotter

Editor Intelink says:(2012-10-02 10:49:19)

“Een kwaliteitsslag voor school, student en stagebedrijf” Het herkennen en correct behandelen van bedrijfsvertrouwelijke informatie. Het programma speelt tevens doeltreffend in op de sterk toenemende behoefte aan Social Media Integriteit van stag...

On: Stagevoorbereiding voor MBO en HBO: Bewustwording Bedrijfsgeheimen & Social Media Integriteit
Danny Lieberman says:(2011-05-09 13:35:04)

As one of the pioneers in DLP - data loss prevention and an active thought leader in the field since 2003 - it is typical for people who discover that the emperor is naked to take knee jerk reactions. IT and HR procedures are part of a set of data...

On: WikiLeaks legt menselijke factor bloot (EN)
Rachel McShelley says:(2011-03-31 10:01:15)

Blijft helaas onduidelijk waarom BitDefender dit opvallend en vooral ook een beveiligingsrisico vindt.

On: Facebook: 42% onbekende online vrienden
View all replies»

Join us on:

  • Facebook
  • LinkedIn
  • RSS
  • Twitter


Panels

Join our Research Panel!
Sign up for: Study into Information Leakage in the Netherlands 2010


Publications

News and analyses on Human Factors & Awareness


Upcoming events

No events