When discussing IT security threats in SMBs, the conversation always begins with firewalls and antivirus. While imperative, most SMB’s already have firewalls and antivirus solutions in place. While some firewall and antivirus solutions are better than others, the truth of the matter is something in place is better than nothing.
IT service providers that specialize in security solutions for SMB’s can certainly find a solution that provides the highest level of protection for your budget. As prices continue to fall and technology becomes more efficient, many SMB’s will conclude that enterprise-level security is achievable within their budgets.
While many SMBs may take comfort in their enterprise-grade firewall, not all—in fact not most—of the IT threats that concern SMBs cannot be mitigated by a firewall. If you were hoping that those name-brand antivirus suites would pick up the slack, it won’t. In fact, the firewall and the antivirus suite don’t even address half the threats your SMB may face.
Today, SMB’s focus on creating a connected environment where their managers, coworkers, and customers can access the data they need on any device, anywhere on the Internet. This approach provides for more efficient business processes that save time and money. The problem is that you’ll find more that just customers and co-workers on the Internet.
When exchanging data over a public network like the Internet, we must focus on the core principles of CIA Triad—keeping data confidential, using encryption, ensuring integrity, with the use of hashing and providing availability, by protecting against DOD attacks.
This is where SSL/TLS protected web services come into play, or better yet, a VPN when endpoints are static, but even this doesn’t answer the entire problem.
The largest threat to your SMB is people. Both purposeful malicious human activities—including hackers and the like—as well as inadvertent, accidental human activities, pose the majority of threats to data security.
Join us for a future post where we will discuss how to address the human threats to your data security.