A ZDNet piece looks at the differences between how small and large organizations should confront wireless security issues. The fact that it doesn't offer anything that will be new to CSOs or security-conscious IT staffers doesn't mean that the underlying theme isn't worth considering.
The writer says there are a lot of things a company can do to heighten security without spending a lot of money. Experienced IT folks, who mostly work at larger organizations, know this. They are aware that default device settings generally are optimized for ease of use, not security. They know that these settings must be adjusted before the device is put into operation.
How many SMB or SOHO workers are aware of the counter-intuitive fact that changing a bunch of factory settings is the first thing that must be done once the packing material is thrown out? Our guess is that some do, but most just hook up the new widgets and flip the switch.
That's important, but raises an even bigger issue. The divergence between SMB and enterprise wireless security is accelerating. This means that everything is changing: the attitudes and knowledge bases of users in the two groups, the strategies of the bad guys and, of course, the gear itself.
Wireless security is a continual game of cat and mouse between good and bad guys in which businesses must constantly adjust to changing conditions. In this emerging landscape, the strategy employed by big companies on one hand and SMBs and SOHOs on the other will be more differentiated than in the past.
The story rightly spends more time on small organizations. Big companies have people whose job is to think about this sort of thing, and they have more money to throw at these problems. On first glance, it seems that SMBs increasingly are in criminals' crosshairs because they lack the time, expertise and budgets to keep up.
A deeper look, however, suggests that the core of the problem is simpler. The SMBs that are most at risk are those that don't pay attention to security issues. If they did, they would know that there are outsource service providers, specialized vendors and customized equipment available to them.
The only real problem SMBs face is not recognizing that the wireless security focus increasingly is on them.