Global IT security company Symantec released its SMB Protection Plan report back in 2009. That was the year Gartner mentioned cloud computing for the first time, server utilization and efficiency came to the forefront, and web-centric applications began to penetrate the market. It was also the year businesses began leveraging social media.
SMB Security Protection, Only Five Years Ago
That year, the Symantec survey polled 1,425 businesses around the world and discovered shocking statistics about the state of SMB security protection. The overall finding: while many SMBs understand the importance of security, few are acting on their concerns. Why? Tight budgets (averaging $4,500 annually), time constraints, and a lack of IT staff or staff skills. Nearly 42% of businesses did not have dedicated IT staff, which means IT was left as an afterthought.
The highest concerns were viruses, spam and data breaches, yet 32% of businesses had absolutely no security implemented. This includes antivirus, antispam, desktop and server backup and recovery, and endpoint protection. Over a third did not have even basic protection in place, such as antispam or antivirus. During this period, there was also a wave of mobile use, but no qualitative plans for BYOD in place.
And the latter showed prominently. 44% of breaches involved some sort of compromised mobile or device-endpoint failure, such as broken or lost devices. Most SMB security plans did not consider endpoint protection.
Cyberattacks have increased and are targeting SMBs, not just enterprises
Overall, 2009 was not a year many SMBs focused on their IT security. But in the last five years, security has changed so dramatically that leaving a business unprotected almost guarantees data breaches, intrusions and attacks.
What does this all mean?
We’re going to see attacks on new battlegrounds, including our wearables and new digital endpoints. In other words, we will be protecting “the Internet of Things” in our own organizations.
Antivirus, antispam, disaster recovery and endpoint protection are an industry-standard expectation. Symantec says, “antivirus on endpoints is not enough”, meaning businesses will need more than the latest versions of antivirus. Layers will include protection for unpatched vulnerabilities and implemented strategies to prevent attacks from reaching endpoints. This includes browser protection, web-based file solutions, application control, device control and protection on external devices, such as USBs.
Websites now need further protection, especially websites that connect to user portals, private business information or banking information. This can include mandatory SSL protection certificates and only allowing secure cookies.
Sensitive data is expected to be encrypted and protected. This includes corporate and customer data. Overall, this would mitigate the risk of data leaks and prevent breaches. This would also allow companies to continuously review where the files are located and who has had access to the encryption keys.
All devices need security protection. When a BYOD policy is implemented, all devices should have a security profile to enter the network.
We’ve set up a password policy at Quartet, and we recommend it for our customers. All passwords need to be at least 10 characters, use lowercase, uppercase, numbers and symbols. Passwords must also be changed every 90 days.
Patching and updating must be rigorous. Since hundreds of thousands of computers are attacked regularly, companies need to push the latest definitions to every workstation. This includes desktop and server applications, mobiles, browsers and plugins. Use a deployment process to ensure your organization is well protected.
Users must be educated on security protocols: how to identify malicious emails and attachments, websites, and URLs; how to safely download applications; and how to navigate around the computer if it’s infected.
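The password policy described above (at least 10 characters; lowercase, uppercase, numbers and symbols; changed every 90 days) can be checked automatically. The following is an added example, not Quartet's own tooling. The function names, account records and dates are constructed for illustration, and "symbol" is assumed to mean ASCII punctuation.

```python
"""Audit passwords and accounts against the policy stated above (added example)."""
import string
from datetime import date, timedelta

MIN_LENGTH = 10                 # "at least 10 characters"
MAX_AGE = timedelta(days=90)    # "changed every 90 days"
# Assumption: "symbols" means ASCII punctuation; a space does not count.
REQUIRED_CLASSES = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "number": str.isdigit,
    "symbol": lambda ch: ch in string.punctuation,
}

def check_password(candidate):
    """Return the list of policy violations for a password at the time it is set."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, is_member in REQUIRED_CLASSES.items():
        if not any(is_member(ch) for ch in candidate):
            problems.append(f"missing {name}")
    return problems

def overdue_accounts(accounts, today):
    """Return usernames whose last password change is older than MAX_AGE, oldest first."""
    stale = [(a["last_changed"], a["user"]) for a in accounts
             if today - a["last_changed"] > MAX_AGE]
    return [user for _, user in sorted(stale)]

# Constructed sample data: hypothetical users and dates, not taken from the page.
SAMPLE_ACCOUNTS = [
    {"user": "alice", "last_changed": date(2014, 1, 2)},
    {"user": "bob", "last_changed": date(2014, 5, 20)},
    {"user": "svc-backup", "last_changed": date(2012, 11, 30)},
]

if __name__ == "__main__":
    for pw in ("Summer2014", "correct horse", "Tr1cky#Passphrase"):
        print(repr(pw), check_password(pw) or "ok")
    print("rotation overdue:", overdue_accounts(SAMPLE_ACCOUNTS, date(2014, 6, 1)))
```

The rotation check only needs the last-changed date, so it can run over a directory export without touching password hashes. Service accounts tend to surface first in its output.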
Quartet Service offers antispam, antivirus, encrypted file sharing (QBox) and a full suite of security solutions (QSecure) to protect your networks and servers. Feel free to ask us questions regarding your security policy, upcoming trends or about any of our products.