Small Businesses Need Protection from Security Threats

Saturday, November 13, 2010

Dan Dieterle


I have always been concerned with small businesses being protected against modern threats.

With the majority of my experience supporting small businesses, I have seen first-hand how devastating malware attacks can be.

If a server goes down in a large company that has thousands of servers, it becomes a priority call to the Data Center to get it back up.

Many corporate Data Centers have a time limit to get systems back up and running.

A standard policy might be to respond within the hour, and the server has to be back up in four. It is an inconvenience, but not always a really big deal.

If a server in a small business goes down that has a grand total of one or two servers, it could be detrimental to the business.

The same is true if confidential or proprietary information gets siphoned from a small business by a botnet or other type of malware.

Small businesses also do not have large IT support centers to install updates and patches. Many times IT support is one or two people who have other jobs to perform in addition to running the servers.

Small businesses are victims of cyber-crime, and sometimes are critical to US infrastructure.

According to a recent Fox Small Business Center article, Symantec found in an earlier survey that 60% to 80% of security issues could be resolved by a patch released six months or more ago, and also that 80% to 85% of critical infrastructure is in the private sector and a good portion of it is small businesses.

Small businesses need to become more aware of current security threats. In most small businesses the whole system defense scheme centers around firewalls and anti-virus. Most modern threats easily bypass firewalls and anti-virus.

So, what can small businesses do?

“According to Symantec, the first step is to develop and enforce IT polices. The policies need to be clearly defined and implemented across all locations of a business. That way, threats can be identified and taken care of regardless of what office it happens in.”

And also to make sure that software patches and updates are installed.

Zero day exploits, which are previously unidentified software exploits that allow hackers complete remote access to your system, are found constantly. Keeping up with these can be a chore, but is a critical step in protecting your network.

Along with security policies and update patching, I also believe that it is critical for small businesses to have some level of network monitoring installed.

A full blown intrusion detection system may be overkill, but just turning logging on in firewalls, routers and network devices may help track down attackers in case the worst happens.

Cross-posted from Cyber Arms

Possibly Related Articles:
Small Business Symantec Patch Management Information Technology
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.