SMEs face a different set of security challenges than enterprises and must adapt security policies and practices accordingly to avoid costly intrusions that can cripple or substantially harm the company.
While SMEs need to be on guard against external threats that can penetrate a network and compromise company data, the more serious threats are likely to be internal. A recent Gartner Inc. survey showed that 80 percent of security threats originate within the network, rendering defenses running on network gateways completely ineffective.
Internal threats come from a variety of sources, some intentional and some innocent, such as installing unauthorized applications, or disabling or failing to update the installed security software, firewalls or proxies that block emails with malicious attachments and keystroke loggers. Perhaps the most publicized threat today is the use of unapproved storage media, such as CDs, DVDs, USB storage devices, infrared, modems and WiFi. These devices can be twice as dangerous because they can not only introduce security threats such as malware and viruses onto a previously secure network, but also be used to download and remove sensitive company data.
To minimize or eliminate these security threats, Promisec recommends these security practices for SMEs:
Develop written guidelines to establish company-wide security policies
These policies will clarify safe practices for all employees, minimizing the internal threats that stem from employees not knowing the risks.
Deploy a Layered Security Infrastructure
Different threats require different security tools, ranging from anti-virus and anti-spyware software to firewalls and IPS devices. To be truly effective, an SME data protection solution must encompass a variety of these tools to protect against the diversity of security threats.
Automate the Security System
Given the IT budget constraints of most SMEs, it is unrealistic to expect them to have a dedicated network security administrator to monitor and respond to security threats. Instead, SMEs need to automate the system with a security tool, such as Promisec’s Spectator Professional, that universally monitors and remediates all security software as well as their associated processes and services.
Review and Refine the Security Baseline
After reviewing the threat and remediation reports from Spectator, SME security policies should be updated and strengthened where needed to address the most serious threats.