More than ever, SMBs need to focus on security as part of their IT infrastructure, building around it rather than considering it as an afterthought. This has become even more critical over the past few years as many businesses have unwittingly lost their customers’ personal data due to security breaches, and as states and countries have responded by enacting laws to force the businesses to implement additional levels of protection.
Security Considerations for Small- and Medium-Sized Businesses (SMBs) By Brad Dinerman
More than ever, SMBs need to focus on security as part of their IT infrastructure, building around it rather than considering it as an afterthought. This has become even more critical over the past few years as many businesses have unwittingly lost their customers' personal data due to security breaches, and as states and countries have responded by enacting laws to force the businesses to implement additional levels of protection. Security Considerations for Small- and Medium-Sized Businesses (SMBs)
From the point of view of this white paper, a small business is any organization that uses between one and two hundred computers, whether servers or workstations. The nature of the business will determine the level of security that is required. For example, a florist will have different needs than a dental office which in turn has different needs than a scientific research center or an elementary school.
Small businesses usually have one or more individuals responsible for the IT and MIS infrastructure within the businesses. While it is all great and wonderful when that individual is trained and has a strong background in IT, there are too many times when the person has been thrown into the position of supporting the systems simply because he happened to be sitting in the front row at the company meeting and volunteered the fact that he configured his own home wireless network.
Whether you are a master of IT or a hapless victim thrown into the role, this white paper will help you identify some of the key areas and issues that you must address in order to maintain a secure organization.
SMBs Need to Peel the Security Onion "Am I secure?" This question may haunt any SMB owner or IT manager. Yet the question alone does not ask enough information to make an answer possible.
Consider the possible ways that this question can be extended:
ƒ Am I secure against hackers trying to break into my Web server?
ƒ Am I secure against my colleague finding out my password and using my credentials to do something unethical?
ƒ Am I secure against viruses or worms coming in to my system via email?
ƒ Am I secure from the liability of having a student surf inappropriate Web sites?
ƒ Am I secure against an employee copying my sales data onto his USB hard drive or taking away personal, financial information about my customers?
ƒ Am I secure against my server crashing and bringing all productivity to a catastrophic halt?
ƒ And so on, and so on.
Obviously, there are many interpretations of what is meant by "secure." Even if you were able to answer all these questions positively, the nature of technology is such that what is secure today will not be considered secure tomorrow. Ten years ago, I stated over-confidently to my employer that our Windows NT Server running Exchange Server 5.5 was secure. If I were to look at that same system today and again declare that it was secure, then I would be looking for a new career by tomorrow.
Security is implemented in layers. There are many, many layers that need to be secured in an organization. Start at the outer-most layer, peel it away and then find another layer to secure. Peel away that second layer and a third one yet appears. This is what we call the "security onion".
GFI Software | www.gfi.com 2 Security Considerations for Small- and Medium-Sized Businesses (SMBs)
Requirements and Issues Particular to SMBs - IT's All about Budget I think that it is a safe assumption to state that the single-most important factor that affects a small business' decisions is budget. SMB owners don't usually have hundreds or even tens of thousands of dollars to spend on IT infrastructure. Instead, they look at their checkbook as they hand over their hard-earned dollars to purchase devices such as firewalls to protect their internal network.
"Why," they wonder, "do we really need this? Our new ISP told us that we could just hook up the DSL connection directly to the server and have full Internet access. We weren't expecting to have to pay an ... [download for more]
