Interview with Dean Turner (continued)
Is there anything else that SMBs need to be aware of?
Yes. In the latest Symantec Internet Security Threat Report (ISTR), we discovered that Microsoft Internet Explorer was targeted by 77 percent of all attacks, specifically targeting Web browsers. In addition, 54 percent of all identity theft-related data breaches were due to theft or loss of a laptop or data storage medium. The second most common case was insecure policy, which made up 28 percent of all incidents. And, since many SMBs use Microsoft Internet Explorer and have employees working on laptops, they need to take steps to protect themselves in those areas.
In small businesses, many times it's the CEO or a corporate management person who oversees IT. What advice do you have for people in those situations?
The best advice I can offer those who are in that situation is to start with the basics, and invest in products and solutions that will scale as their business grows. What we recommend is finding a good value-added reseller (VAR) that can help them implement a sound security strategy. Many Symantec partners are well positioned for that. As small businesses grow, many still rely on a VAR, but hire someone in-house, such as a director of IT, to manage this for them. At that point, SMBs start seeing their security management strategy become part of their company's internal knowledge. We have seen and expect to continue to see small businesses turning to channel VARs that have experience helping small businesses address these challenges. At mid-size businesses, we're seeing that as well, but that's the point where companies typically start hiring someone in-house to oversee that function.
The bottom line is, SMBs have budget and IT resource constraints, and require solutions that are easy to install and integrate, as well as to use and manage over time as their business grows. Every IT decision is critical; they can't afford to rip and replace. Therefore, they need to know what they're implementing and have a solid understanding of the impact that a particular technology may have on them.
The other advice I would offer them is to take inventory of what they have. For example, what are their assets? What do they need to protect? What's vulnerable? What do they have to expose? They should also be thinking about things like what is their security policy going to be around those assets? And, what are the specific tools or services that they need to either buy or engage a VAR on to help them implement those security technologies or security policies?
What are some of the steps that SMBs can take to protect themselves?
To stay secure in today's highly connected world, SMBs need to employ defenses along multiple fronts. This requires a two-pronged strategy:
- having the right software in place to protect their small business network from malicious network attacks, viruses, security breaches, suspicious activity, etc.; and
- putting the right policies and practices in place to ensure they're doing everything they can from both a software usage and human resource standpoint to help protect their network.
For small businesses, data and systems protection is the first order of business. Some specific steps that SMBs can take to protect themselves include:
- Turn off and remove services that are not needed
- Have a password policy
- Secure their e-mail server - 80% of malicious code is coming through browser, or email as a phishing attack
- Don't open attachments unless you know who it is coming from
- Use an internet security solution to scan attachments and files at point of entry
- Create emergency response procedures - minimizes the opportunity for lost data (regular backup and restore)
What else have SMBs not been doing that they should be thinking about?
To some degree, SMBs are at more risk than larger businesses because of the type of connections they use (e.g. modems, DSL, etc.). SMBs need to know where all of their endpoints are, and protect those endpoints. For instance, if they have a home computer that they use to access their network, that home computer is an endpoint. If they have files floating back and forth on a personal digital assistant, that's an endpoint.
They also need to have a security policy that not only identifies the key assets that need to be secured, but which assets will be extended to whom. For example, their security policy should include things like installing and updating antivirus software, installing a firewall, checking for encryption and authentication, creating strong passwords, and updating Web browsers.
The purpose of the policy is to guide users in knowing what is allowed and to guide administrators and managers in making choices about system configuration and use. And, by going through the process of creating a security policy, SMBs will be able to establish specific security goals and a plan for tackling them.
But perhaps most importantly, SMBs need to educate themselves on and stay abreast of what's happening in the threat landscape. One of the easiest ways to do this is by reading some of the materials posted at Symantec Security Response or Symantec Small & Mid-Sized Business or other similar material available on the Internet.
Since SMBs have such limited resources, what should their biggest priorities resource-wise be when it comes to security?
That really varies depending on the individual business. I say that because there are all kinds of variables that can come into play, such as do they have a store front? Do they do most of their business online and take credit cards? Etc. All of those variables have to be taken into consideration when determining what an SMB's biggest security priorities should be.
What are some of the solutions that Symantec offers to help SMBs protect themselves?
Symantec offers a complete blueprint that can help SMBs:
- Secure and protect their data: Symantec Client Security, Symantec AntiVirus, and Symantec Backup Exec allow an SMB to effectively manage recovery-time requirements, enhance user productivity, and ensure critical data and information is available and secure.
- Maximize system availability: Symantec Ghost Solution Suite, Symantec Backup Exec System Recovery, and Symantec pcAnywhere reduce administrative costs and enable efficient management of the IT environment with consistent patch deployment, configuration management, system migration and server recovery.
- Optimize application environments: Symantec Mail Security, Symantec Enterprise Vault, and Symantec IM Manager provide best-in-class, comprehensive email security and availability solutions to ensure the protection and accessibility of email information while reducing costs through more efficient email management.
- Set and enforce consistent policies: Symantec Control Compliance Suite, Symantec Enterprise Vault, and Symantec DeepSight Alert Services allow mid-sized organizations to fulfill complex, regulatory compliance regulations and meet industry standards through protection and policy management solutions for Windows environments.

This story was editorially selected as relevant and is used with permission from Symantec. PC World received no compensation for posting this article.