SMB Disaster Preparedness: A Recipe for Disaster
SMBs are not making disaster preparedness a priority until after they experience a disaster or data loss.
I came across this article, titled "What every SMB needs to know about fighting cyber crime", over at Computing.co.uk. Author Chris Mullan focused on the problem of cybercrime and how such attacks can result in irreparable damage to SMBs, and I felt that he did an excellent job dissecting the various facets of computer security into four distinct solution areas.
As we know, a common challenge faced by small- and mid-sized businesses is inadequate staffing levels of dedicated IT personnel. This necessarily results in a greater reliance on security vendors that come with slightly different agendas, or on employees who are not specifically trained in security. While unavoidable at times, the situation could be improved if SMBs are clear about the various places where security measures can be employed as part of a defense-in-depth strategy.
Borrowing from Mullan's solution areas, I want to talk about building multiple layers of computer security for SMBs today by identifying some areas where security controls should be in place.
The only way that a computer cannot be hacked remotely is if one were to rip out the Ethernet cables (or Wi-Fi antenna). However, it doesn't take a genius to figure out that a standalone workstation will not be very useful in the context of today's hyper-networked world. Rather than attempting to defend a computer from the end-point alone, there are many appliances and tools that can be deployed on the network to increase the overall security in a business. These range from hardware firewall, IPS and IDS appliances to technologies such as VPN that implement security at the network level.
Servers form an attractive target for hackers for a number of reasons. For one, they are always switched on, and typically host the company's proprietary or confidential data. Moreover, the fact that servers are usually powerful machines with access to dedicated Internet bandwidth is of special appeal to botnet operators or hackers bent on using commandeered computers as a launch pad against other targets. One saving grace is that server operating systems tend to be hardened by default, and are far less likely to be hit by Trojans or drive-by infections since they are not used as workstations. Regardless, SMBs need to lavish additional care on their servers to ensure that they are patched and adequately secured from hackers.
Every node on the network can be considered an end-point, and needs the appropriate defenses installed to protect it from worms and Trojans. Workstations are particularly vulnerable to exploitation given the many avenues through which users can be tricked or coerced into executing Trojan software. Even the most security-conscious might inadvertently visit websites put together to exploit new or novel bugs in their Internet browser, or open document files crafted to infiltrate vulnerable software applications. Of all the layers that I've identified, this is also the layer that practically everyone is familiar with.
I've always stressed the importance of a minimum level of user training to protect businesses from social engineering attempts. In addition, the need for a password of suitable length and complexity should be clearly explained and enforced on user accounts. Obviously, employees should only be accorded the level of access they require to perform their duties, not because the company doesn't trust them, but to limit the fallout from any security breach.
Do you have any other layers of defenses to add? Feel free to highlight them in the comments section below.