Improve Your Defenses Against Security Weaknesses

Paul Mah
Slide Show

SMB Disaster Preparedness: A Recipe for Disaster

SMBs are not making disaster preparedness a priority until after they experience a disaster or data loss.

In today's continuation of my Eight IT Projects for SMBs series, I would like to explore how SMBs can better position their defenses on the security front. While the challenges of securing a corporate environment might appear to be intimidating at first glance, the steps that businesses need to take to realize it are really not that complex.


Cover the Basics


While it might be tempting for small- and mid-sized businesses to buy into the latest security appliances and tools, I would caution against placing too much emphasis on going with the latest fad. An analogy that comes to my mind would be that of a house owner splurging on the absolute latest burglar alarm system before leaving for a long holiday ... but forgetting to lock the door.


My belief is that most SMBs will be far better off if they first concern themselves with rudimentary, but important, measures such as implementing prompt software patching, as well as diligently checking for the availability of new security updates. The latter is important as some hackers have taken to dissecting the latest security patches the moment they are released and quickly moving on to weaponize them-sometimes in the span of days. In addition, a revamp of security procedures and practices might be in order too, which might entail steps such as enforcing the use of a password when logging in, and preventing users from creating simplistic passwords that are easily guessed.


Training Your Users


A recent incident saw computer hackers masquerading as support personnel from Microsoft, successfully convincing a hapless staffer into following a series of instructions over the phone for more than 20 minutes. This included visiting a site that enabled remote access of the employee's computer, though it fortunately appeared to be nothing more than a ruse to sell unneeded security software. While it would be next to impossible to defend against every conceivable social engineering attempt, the above scenario epitomizes why it makes sense to train computer users with a basic level of security knowledge to lower the chances of such scams succeeding against your company.


Blacklisting Versus Whitelisting


When it comes to actually defending against malware, the concept of blacklisting refers to traditional anti-virus software that seeks to weed out malicious software by referring to a virus definition file. On the other hand, whitelisting means that unknown software that cannot be found on an existing whitelist are simply not executed. I've wrote about it last year in "Deploying Whitelisting for Your SMB," and it might be worthwhile to note that some companies have actually opted to deploy both whitelisting and blacklisting solutions. In addition, the new Symantec Endpoint Protection 12, Small Business Edition does incorporate some elements of whitelisting.


Data Encryption


The ease of deploying data encryption products has declined over the years even as the performance penalty of implementing it is practically negligible with the use of modern operating systems and hardware. Businesses can acquire either the Enterprise or Ultimate edition of Windows 7 to gain access to robust encryption technologies that offer protection against data loss when laptops are lost or stolen. (BitLocker is a full-disk encryption technology, and I have also written at length how SMBs can protect themselves with BitLocker.) Other affordable and easy-to-use full-disk encryption products exist too, though it remains the onus of SMBs to acquire and deploy them.


Finally, there is another facet of today's topic on how to best protect the increasing number of mobile devices and tablets used on the corporate network, which I will address in another blog.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.