It's that time of year. The nights are getting chilly, the kids are back in school and it's National Cyber Security Month again. Okay, so the last item on the list sort of slips under the radar. Such a designation can serve an important role, however, if business owners -- especially folks who run small operations without a person or staff dedicated to tracking security on a continual basis -- use it as an opportunity to set up guidelines and otherwise pay attention to this important area.
Perhaps in recognition of the holiday, Small Business Computing offers five tips suggested by the National Cyber Security Alliance (NCSA). They are to conduct a risk assessment, back up critical data, create a contingency plan and educate employees and have them sign an agreement that indicates that they are aware of cyber security concerns and willing to work with the company to keep the organization safe.
The good news, perhaps, is that the SMB community is increasingly attractive for vendors, which will keep a steady supply of products flowing in. For instance, IBM earlier this month introduced Recovery Express and Proventia Network Security Express. Recovery Express, according to Channel Insider, is a prepackaged data center disaster recovery platform, and Proventia Network Security Express is a security product based on IBM Internet Security Systems (ISS) products that are customized for small businesses.
The models by which SMBs get their security may be changing as well. David Cowan, an investor writing at AlwaysOn, says the industry has just scratched the surface of the idea of using the software-as-a-service (SaaS) model for security. Cowan counters the common wisdom that small businesses are inattentive to security concerns. Rather, he says, each SMB client represents such a small portion of a vendor's total sale that no volume discounts are given and the comparative price tag ends up being high. SaaS can alleviate this problem by doling out security as needed. The first generation of SaaS security products has done "remarkably well," he says.
Cowan's take is prescient, at least in one case: Yesterday, we linked to a release posted at Dark Reading that announced the launch of OutProtect, a SaaS data leakage company.
There is a lot of work to be done, however. In anticipation of National Cyber Security Awareness Month, McAfee and the National Cyber Security Alliance conducted a survey on security practices. Almost all of the 378 respondents -- 98 percent -- believe keeping security software up to date is important. However, only 48 percent had been updated in the month before the survey was taken.
The survey, described at SC Magazine, did not indicate who the respondents were. Nonetheless, the responses are worth attention. Eighty-seven percent say they use anti-virus software, while only 27 percent use anti-phishing technology. Indeed, only 46 percent of respondents could define phishing. While 70 percent said they were running anti-spyware software, only 55 percent actually were. Likewise, 27 percent said they had implemented anti-phishing software, but only 12 percent actually had. The story did not say how the real status of respondents' computers was determined. Most likely, McAfee got permission to scan the machines.
The bottom line is no mystery: SMBs need to pay attention to security. This long and interesting post at Vistabilities describes the threats. The story suggests that things are simultaneously improving and getting worse. They are getting better in the sense that awareness is increasing among SMBs. The bad news is that the explosion of broadband and, particularly, wireless connectivity is increasing vulnerabilities.
Symantec offers six steps that will improve security: Turn off and remove unneeded services; secure e-mail servers; and establish and enforce password policies that include upper and lower case letters, numbers and symbols. The firm also says to tell employees not to open attachments unless they are from a known source, use technology that scans and manages files and attachments, and develop emergency routines that include backup and restore procedures.