As a IT consultant to several SMB's (Small Medium Business), I talk to owners everyday about their needs and concerns about their IT infrastructure. Most of the time the conversation is about increasing productivity through the use of technology. Right now the hot topic there is cloud technology. They feel they need to be more efficient with processes and avoid creating redundancy. The one thing that is not a big topic is security.
No offense to SMB's but I am not sure that these owners are fully aware of what is really going on with cyber-security. A lot of small and medium shops treat their IT security as if they have nothing to worry about. Now I am not here to say that all of them are not security aware, however they read something in the news about a security breach at a large company but think that will never happen to them. Hackers do not discriminate. If you have data and a internet presence you are a target.
The key to SMB security is to synergize business objectives and productivity with security. Just because you lock down your IT infrastructure does not mean you cannot do business. You just have to find a way that works best for your company. Its easy to be productive if you have no controls on the infrastructure, however its the lack of those controls that could produce a security breach or incident that will cause you not to be productive. I believe there is a way for all of these areas to coexist.
SMB security has some challenges that are different from enterprise security. Sometimes SMB IT personnel are great administrators but may be unaware of security threats that may exist. They are in charge of a lot of areas for the business and there is no security department like in enterprise companies to help them. Therefore while they are solving business needs and doing day to day brake it and fix there is just not the time to maintain up to date security.
So what is a SMB to do? Where do they start? Over the next month and a half I am going to be exploring 6 key areas for SMB security.
Key Areas of SMB Security
1) SMB Threats and Vulnerabilities
2) Security Policy
3) Security Awareness
4) Internet Access
5) BOD (bring your own device) Security
6) Auditing Administrative, Technical, and Physical controls
Hopefully if you are a SMB this series may get you to re-evaluate your security needs and have a better understanding of your security needs.
Thank you and if you have any questions during the series please feel free to email me at firstname.lastname@example.org
- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE LinkIn with Tom