SMBs need to stay secure too

Updated: Sep 23 2013, 02:03am hrs
Regardless of the size of a business, geography, attacks happen. Especially in the context of small and medium businesses (SMB), their knowledge intensive nature and vast data repository makes them valuable targets for attacks. Additionally, the proliferation of mobile devices driven by the need for any timeany place access to company data and service is adding to the enormous challenge of keeping these companies secure with limited IT resources. Smaller businesses also find it difficult to keep up with software patches, leaving vulnerabilities undetected for long periods of time.

These realities are exploited by cybercriminals, who use the downturn to step up the pace. And it is happening at a time when businesses can ill afford downtime, decreased productivity, stolen data, lost sales and a damaged corporate reputation. According to a recent report from Zinnov Consulting on Indian SMB ICT Adoption Insights, India is home to around 50 million SMBs currently of which 10 million are technology-ready. Hence the need for securing small and medium businesses has become increasingly paramount.

Besides the real dangers that confront SMBs, there is an attitudinal shift required for SMBs to allay any misconceptions pertaining to security. Firstly, SMBs, by and large, tend to have this notion that due the small nature of their operations, they may not be targeted for cyberattacks. However, SMBs forget that their data and intellectual property is very much vulnerable to theft.

An unsecured database definitely attracts attention from the hacker community thus putting the sensitive intellectual property in danger. Secondly, most of the SMBs assume that security solutions are extremely expensive as they have smaller operations and lower price points. Lastly, with mobile phones and tablets coming in the play, many SMBs assume that the new devices are secure and allow access to server utilisation.

In this regard, one security solution cannot be considered as a silver bullet for all SMB security requirements. No two businesses are the same and what needs to be protected within each business differs greatly. For example, if a small business operates primarily online and houses customer profiles and data on the Web, the level of protection required will be greater than for a business with little online presence. Therefore it is necessary to adopt an interlocked approach of People Process Technology by which SMBs can adopt the right best practices to evaluate their security strategy and choose a mix of the best suited security solutions.

o The first step is to devise a plan which classifies data as per its value. Post this, a relevant plan to safeguard the vital data can be executed. There also needs a security policy enforcement that trains employees to outline the dos and donts when using the corporate network.

o On the technology side, SMBs should opt for security software that provides flexibility. Choose a solution that can eliminate the on-premise hardware and software costs, deployment and maintenance by offloading the server management to a third party software vendor.

o The other aspect which is of utmost importance to SMBs is manageability of IT. If you are choosing a cloud-based model, make sure that the SaaS management platform hosted by the software vendor on their infrastructure off site, offer centralised deployments, reporting and management online

o Develop and stick to strict guidelines and policies around protecting company data.

Maintaining an up-to-date defense perimeter around your systems is increasingly difficult in the face of rapidly changing attack strategies and the realities of limited budgets. But the good news is that being proactive costs far less than what companies spend during remediation resulting from a cyber attack.

With the right solutions in place, midsize organisations can reduce the complexity and cost of deploying and managing securityduring a time when doing more with less is the number one priority.

Girish Gargeshwari

The writer is head of mid-market and SMB business at McAfee (India)