Cyber security alert for SMBs

by Sohini Bagchi    Feb 07, 2013


Much has been written and said in the past about cyber security and its impact on small businesses. However, the topic comes up in every discussion on information security because of the incessant rise of security threats facing businesses today, especially small businesses, which continue to be victims of widespread cyber attacks.

At one level, high-profile attacks by hacker-activist groups and cyber criminals looking to sabotage the information and databases of government and large organizations are catastrophic, but there are several ways these crimes can be tackled, as the IT departments are always on alert. The same cannot be said for SMBs, which are often innocent victims of cyber attacks – whether on their websites, online databases or computers. The nature of attacks also keeps changing every year, so SMBs should understand their security priorities and take quick and effective action to survive and grow.

An expert panel discussion at the Kaspersky Cyber Security Summit 2013, recently held in New York City, highlighted the cyber security realities in the SMB world and how SMBs can address the issue effectively.

The changing threat landscape

Experts on the panel agreed that the increasingly complex threat landscape calls for immediate action from the SMB segment. Referring to the Nexus of Forces, Lawrence Orans, research director, Gartner, who was moderating the panel discussion, stated that the convergence of social, mobility, cloud and information patterns is driving the new IT landscape, which means it is also changing the way we deliver security. Consumerization of IT has certainly revolutionized business and society, disrupting old business models and creating new leaders. This is something every small business IT department should keep in mind.

Orans pointed out that another concern in cyber security is botnets, which are rampant in malicious activities such as spreading viruses and malware and using DoS attacks to crash servers. The CIO in small and mid-sized companies should also have the awareness and preparedness to deal with every kind of attack – from typosquatting to clickjacking as well as hacktivism.

However, experts on the panel believe that the problem is no longer a lack of awareness in the small business segment. Most business owners in the SMB segment are aware of the consequences of a cyber attack. At the same time, they are increasingly using emerging technologies such as mobile, cloud and big data. Despite an awareness of security issues surrounding unstructured data and the cloud, smaller companies continue to under-invest in data protection.

“One obvious reason is resource constraints. However, they also underestimate the ramifications of data breaches, creating further security complexities,” says Andy Steingruebl, senior manager, customer and eco-system security at PayPal.

Need for action

Experts believe that SMBs should be proactive in protecting information, computers and networks from cyber attacks. Every business needs to have a series of security countermeasures that protect an organization’s information assets, such as security policies, firewalls and antivirus software.

“Simple steps such as keeping your machines clean, having the latest security software, web browser, and operating system on a regular basis can protect against viruses, malware, and other online threats,” says Steingruebl. He believes that it is essential to provide firewall security for your Internet connection, to install antivirus software that runs a scan after each update, and to apply other key software updates on a regular basis.

According to Steingruebl, patch management, which often involves acquiring, testing, and installing appropriate patches to administered systems, can prove to be very effective, but IT leaders in SMBs often overlook this step.

The IT managers of SMB organizations should also regularly back up important business data and information on all computers, control physical access to their systems, create user accounts for each employee and secure the Wi-Fi network.

“Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission,” warns Andrian Stone, Director - security response, RIM/Blackberry.

Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. It is important to check with your vendors to see if they offer multifactor authentication for your account, he mentions.

With the rise of the BYOD trend in most companies, it is essential for them to establish security practices for employees, such as requiring strong passwords. Beyond that, there should be a set of protocols describing appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies.

Eddie Schwartz, Chief Information Security Officer (CISO), RSA, believes that mobile devices can create significant security and management challenges, as they hold confidential information or can access the corporate network, especially in the BYOD era. “Businesses should practice data encryption and install security apps to prevent criminals from stealing information, besides setting reporting mechanisms for lost or stolen devices,” he says.

Cyber security in SMBs will continue to be a vital topic of discussion as the threat landscape becomes more sophisticated with each passing day. According to Stone, although it’s never possible to guarantee that a company is totally secure or that a breach will not occur, implementing the latest tools and policies and providing ongoing end-user education will minimize several risks and allow small businesses to focus more on growing their enterprise rather than repairing it.