Security and the SMB
by Kate Smith, Director, Sales & Marketing
When thinking about the security of our small and mid-sized businesses, the first thing that usually comes to mind is physical hardware such as firewalls and protection-based software such as anti-virus. While these technologies are crucial to protecting against unwarranted access into our networks, there are often overlooked or unnoticed vulnerable points of entry that many SMB organizations may discover only after a breach.
One of the most obvious points of entry for any would-be hacker is through an organization’s employees. I have seen firsthand customers contacting our support department requesting assistance with infected PCs and laptops, only to uncover that the user themselves has either knowingly, or by not being properly educated, clicked on a link or downloaded an attachment they received through a suspicious email, which provided an opening for a virus. I like to think that by this point we all know the rules of the game and employees are hyper-vigilant about what they click on and download, but that’s just not the case. It’s vital to educate users on proper computer usage to combat user-created vulnerabilities.
While on the topic of users, another easy entry point is through weak passwords or passwords that are used for numerous websites, portals, and access points.
It’s a quick task on the IT administrator side to set policies that require users to change passwords every 30, 60, 90 or however many days, and to require a complex mix of upper case and lower case characters, at least one numerical character, and one special symbol. Additionally, users should not be allowed to repeat passwords; requiring a new password each time prevents employees from simply switching back and forth between two known passwords.
User access to network information and resources is critical to daily business functions, and as workers become less tied to the traditional office setting and begin relying more on mobile devices, additional security measures must be in place. The bring-your-own-device movement, in which employees forgo company-issued equipment in favor of their personal devices for daily work, has given rise to Mobile Device Management. This software-based security measure allows IT administrators to monitor, manage and secure any device requesting network access.
Besides people, information is a company’s greatest asset. What would it mean to your organization if all of your sales data, financial information or proprietary data were lost? To most SMB organizations it would be crippling. When working with SMB organizations and talking about security, the conversation inevitably turns to backups.
Unfortunately, it’s common to hear that an SMB backs up data through its own ad hoc process, which is often riddled with vulnerabilities. Backing up data to external devices or thumb drives is not a sufficient procedure. What if the device is stolen, lost or damaged, leaving the data inaccessible? It’s vital to have a backup solution with a reputable third-party provider who can securely back up and retain data. Any reputable backup solution will utilize backup schedules, retention policies, versioning, etc., all through an easy-to-access interface.
These points are just a few of the most common situations we see when engaging with new SMB customers. The most important action is to run a thorough vulnerability audit or penetration test. This exercise should delve deeply into an organization’s network infrastructure to analyze all hardware, software, network resources, users, etc. Any outsourced IT provider worth their salt will be able to provide such a service as well as a detailed report with recommendations for any uncovered vulnerabilities. From there, it’s easy to plug the gaps.
About the Author
Kate Smith, SecurElement’s Director, Sales & Marketing, is responsible for SecurElement’s overall sales and marketing strategy as well as ongoing partner relationships with organizations such as Microsoft, Cisco, Barracuda and many others.