Does an SMB need to care about security? This was the question that I posed to Monte Robertson, president of Denver-based Software Security Solutions. His response was elucidating: As hackers encounter greater resistance in spreading malware to the masses, they will shift to softer targets - like an SMB. An SMB makes a more attractive target because it may tend to have less knowledge, resources or time to keep up with all the threat vectors out there than large companies do.
Robertson wrote, "With the explosion of malware on the Internet and users going mobile, not only is the threat expanding at an unprecedented rate but so is the attack surface. Hackers are focusing on them and these conditions so they must respond with a focused Layered Security Solution. The threats have changed so much that the SMB needs to start considering proactive protection, not just reactive."
Robertson advocates a strategy of "layering" multiple protective mechanisms such as firewalls, antivirus software and anti-spyware program, among others. (A more detailed examination would be beyond the scope of our SMB blog, though security blogger Ralph DeFrangesco certainly has more than adequate expertise on this topic.)
I inquired about common mistakes made by SMBs where software is concerned. On this, Robertson noted that people are oblivious to the fact that all software needs to be kept up to date - not just the operating system or browser software. Indeed, popular accounting software like QuickBooks or Peachtree can be, and are, targeted by hackers. In essence, hackers are now professionally trained programmers who are criminally organized. As such, no stone should be left unturned when it comes to patching.
Finally, it is clear that Robertson is no fan of "market leading solutions" where antivirus software is concerned. He favors NOD32, though I suggest taking a look at whitelisting, too.
So there you have it; security is for everyone. SMBs are not safe simply because they are smaller; indeed, criminals can find such "soft" targets attractive.