SMBs: How to Take Control of Your Network’s Security

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.itbusinessedge.com/blogs/smb-tech/smbs-how-to-take-control-of-your-networks-security.html

In a recent SecurityInfoWatch article, Paul Lipman says of hackers, “If you
have a bank account, you’re a target.” This is true. All persons in this
now digital world are exposed. That being said, all businesses, small to
midsize businesses (SMBs) included, can be hacked, attacked, breached or
otherwise exploited in seemingly infinite ways.

Sophisticated firewalls once held hackers at bay. Now the threats are
coming at businesses from all angles.

You set up a Wi-Fi access point for guests and employees. Someone infects a
user’s mobile device with a Trojan or virus. Even if your company’s Wi-Fi
isn’t compromised, any employee who takes their tablet or smartphone to
lunch or to the coffee shop is also at risk. Hackers lurk where people
congregate. They seek out the vulnerable. They might get your credit card
information. Or better yet, they might hit the jackpot and make it onto a
corporate network with even more valuable data that is ripe for picking.
And if that doesn’t scare SMBs enough, there’s always the fear of internal
breaches from current employees or even third-party vendors.

Sadly, smaller businesses don’t usually have the funds nor IT expertise to
implement strong data security plans. And as Lipman says in his article:
"The security industry has let SMBs and SMEs down. Their incentives are
clear: call out and create urgency around the latest security threat,
produce a targeted solution to address the problem, and sell it at premium
prices to the large organizations with the resources to implement it.
 Obviously, this model is not accessible or sustainable for SMBs. They are
left to fend for themselves, which is frightening when you consider that
small business accounts for nearly 50 percent of the US GDP. The more SMBs
stick their head in the sand, the easier they are to prey on."
Instead of living in fear of the next big cybersecurity attack, TechZone360
gives SMBs a list of steps to become more prepared to prevent a breach or
handle an attack should one occur. The list includes the following
information:

1. As the owner, take control of your business processes, logins, and
network access. (Or put a trusted employee in charge.) Make sure that if a
breach occurs, passwords can be changed “across the board without relying
on employees to take action.” Be sure to change passwords when employees
leave the company.

2. Be sure third-party vendors and service providers employ strict security
policies andrely on encryption and authentication of data transferred
between your business and the cloud or other networks.

3. Provide ongoing security training for your employees. School them on
password protection, encryption, proper security practices and how and
where to properly access company data.

The good news for SMBs is that the government is now on the side of smaller
businesses. The Department of Homeland Security is pushing IT security
vendors to create more affordable options for SMBs. However, these
scalable, budget-friendly options have yet to surface. So until then, take
precautions and provide a strong security policy for your company and back
it up with regular discussions and education.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!