IT Security for Small- to Medium-sized Businesses (SMBs)
“New business initiatives like ecommerce allow SMBs to level the playing field and compete in new and innovative ways, but they also require SMBs to strike a balance between information access and security while, at the same time, controlling IT costs.”
—Anil Miglani, AMI-Partners
A growing force in the IT security landscape
With an estimated 8.2 million small- to medium-sized businesses in the U.S. alone, this market segment is by far the fastest-growing segment of the American and global economies. In fact, technology research firm AMI-Partners estimates that 40 million small businesses account for 97% of the world’s commercial activity.
The specific IT challenges of SMBs
It’s a bigger challenge than ever for organizations of every size to keep data safe, systems up and running, and users productive in today’s ultra-competitive, data‑driven culture. Especially for SMBs running Windows-based computing ecosystems, serious threats to information and systems security and availability can result from a host of factors—from malicious code and software vulnerabilities to natural or manmade disasters.
These businesses also face a specific, fundamental IT dilemma: they realize the need for comprehensive, vigilant data security, yet they typically lack the resources enjoyed by larger organizations to support dedicated, full-time IT staffs.
Common security requirements typical of small- to medium-sized businesses—loosely defined as those with from 5–10 employees—include:
- Data security and availability—such as managing recovery times, enhancing end-user productivity and ensuring the security and availability of critical data
- System security and availability—focused on reducing administrative costs and empowering efficient IT management via consistent patch deployment, configuration management and server recovery
- Application security and availability—ensuring the protection and accessibility of email and instant messaging functionality while reducing management costs
- Policy Compliance Management—complying with regulations and meeting industry standards through Windows-environment protection and policy management
- Specific software-based security solutions—for Internet and client security, anti-virus, firewall and groupware protection, backup/data recovery, and overall system performance
Leading software vendors are recognizing the expanding role these organizations in the marketplace, and they’re tailoring PC security software to meet the unique challenges of smaller, emerging companies. Search for “Small Office” or “SMB” on any leading software provider’s web site, and you should find plenty of references—or just ask your solutions provider which options are best for your firm’s computing environment.
Educate employees, protect your business
The first line of defense in SMB security is to educate employees as the most common types of attacks—such as spam, phishing, and spyware—and remind them to be vigilant about deleting suspicious email and potentially dangerous attachments.
Beyond that, here’s a list of specific tasks you can perform to help ensure SMB information technology security:
- Update security patches regularly
- Until a patch is applied, disable or block access if malicious code compromises your network services
- Enforce vigilant password security
- Remove or block emails containing attachments known to spread viruses (including .BAT, .EXE, .PIF, .SCR, and .VBS files)
- Scan all software and downloads for viruses
- Create a process for automatically backing up/restoring important business data
- On each PC (including remote systems), make sure to install and update antivirus and anti-spam software, firewalls, intrusion detection, and intrusion protection systems
Summary
With limited staffs and budgets, small- to medium-sized businesses have unique computing environments—and unique IT security requirements. Beyond providing employees with a sound understanding of common security threats and undertaking a few simple measures, leading security software providers can help these organizations increase security and reduce costs.
