A number of studies and observations -- and even a bit of news -- about small and medium-sized business (SMB) security were released during the past few weeks. This drives home an important old point: SMBs must be exceedingly careful about the security of their networks.
For freshness, this is up there with reminders to brush after eating and use seat belts. But, like those two old bromides, it would be hard to find somebody who doesn't agree with the idea that companies in this sector need to watch out. However, folks -- especially very busy folks -- have short attention spans. The importance of staying abreast of security must periodically be driven home for two reasons: These companies don't have as many (and in some cases any) people dedicated to security, and the bad guys -- stymied by effective enterprise security -- are increasingly targeting smaller operations.
This story details a recent study from Websense, reported on at IndustryWeek, that queried 450 IT managers and employees in the United States. The study said 46 percent have software to protect confidential data, 81 percent do not block peer-to-peer (P2P) applications and 80 percent don't block USB devices.
Websense also found that 76 percent of respondents don't control instant messaging and 47 percent don't stop spyware from sending information to outside entities. Two out of every 10 say they use no tools beyond anti-virus and firewalls. Twelve percent of managers have no way of enforcing Internet usage policies. Finally, the study found that computers were left vulnerable to identified flaws for more than three weeks, despite the availability of updates.
There are, of course, things that can be done, either by employees on their own or at the behest of administrators. VirtualHosting.com links to 12 resources that certainly can help keep a business or consumer PC safe. They are identified in the story as Audit My PC; Qualys FreeScan; Proxy Way; Test My Firewall; Hijack This; GFI Email Security Testing Zone; WindowsSecurity.com; The PCman Website Virus Test; the Sophos Threat Detection Test; the Symantec Security Check; NMap and PC Security Test 2007.
The good news is that where there is a security problem, vendors will follow. Indeed, the dynamic going forward -- in security and elsewhere -- during the next several years will be to reward the companies that best address the traditionally hard-to-serve SMB sector, which has been neglected.
For instance, earlier this month Symantec announced SMB Specialization for Partners. The program is designed to allow certain Symantec partners to better serve the SMB sector. New competition is coming to security due to the launch of Microsoft Live OneCare, other competitive moves, consolidation and other transitions. This strongly suggests that SMBs will be heavily targeted -- and that effective ways will be found to reach them. (While it will be half a world away, relevant news will emerge from the 2007 SMB Security Summit, hosted by Trend Micro and SBSfaq.com. It is slated for Sydney at the end of November.)
The approach this ITbusiness.ca writer takes to the topic of content filtering for SMBs is interesting. The reality echoed in the other stories -- that SMBs aren't conversant with technology -- is aptly summed up in the lead paragraph:
Many SMBs don't know that content filtering exists, and those who do think it's an enterprise-level product. So, while most have a firewall and anti-virus product in place, they have nothing in the way of content filtering.
The story goes on to trace the evolution of content filtering from a tool to keep employees off porn and sports sites to a way to make sure they aren't inadvertently or purposefully bringing bad things into the organization or sending sensitive data out.
Study after study points to the importance of the SMB sector. This means that SMBs will be targeted by various scoundrels, and they need to be prepared. This isn't a new message, but it is a vital one.