Q&A: IT Security for small to medium business in 2010
Q. What are the IT security issues that SMBs face?
The threat to SMBs comes in a number of forms. First, there’s the need to protect emails against problems including spam, phishing, viruses and so on. Secondly, there is the issue of securing company data. Email and Web 2.0 (which allows comment and content to be uploaded) has made it much easier to accidentally or deliberately share sensitive information such as customer databases, price lists and contracts. Loss of this kind of data can be absolutely critical to an SMB.
Thirdly, there’s the need for Web security. Most organisations have at least some understanding of the danger posed by employees visiting malicious Web sites or productivity loss from unrestricted browsing. What is less widely recognised is the danger of visiting genuine sites with hidden malicious code or of companies having their own Web sites attacked due to lack of security. In fact, in the second half of 2009, researchers found that 71% of Web sites with malicious code were actually legitimate sites that hackers had infected. If you run a small business and your site becomes infected with a data-stealing worm, you’re not only helping the spread of malware but you could find the site has been blocked by tools such as Google Safe Search. And if your potential customers can’t find you, it’s bound to impact revenue.
Q. What security technology do you advise for SMBs? What do they really need and what would be nice to have?
Every SMB should have a way of identifying and blocking incoming threats via email and the Web, and they need to be able to prevent staff from accessing high-risk and low productivity Web sites. Ideally, email security should have the ability to check embedded URL links, and Web protection must be able to scan Web sites in real-time for hidden malicious code. So, we’re talking about solid email and Web security solutions.
Data protection is most likely to be of interest to medium sized organisations wanting to protect its confidential information, or where staff turnover is higher and managers or owners can’t keep an eye on the minutiae of activity that goes on throughout the day. Good reporting capabilities are also useful as they help users to understand where and how frequently their threats are coming from.
Q. How big is the virus threat?
Viruses are still out there and they still pose a problem. However, unlike a decade or so ago, modern threats are both more targeted and more sophisticated. Blended threats – by which I mean emails that contain links to spam sites and/or malicious Web sites – remain the most popular vector for spam attacks. Spam – in a large or small organisation – represents a massive drain on company resources, both by clogging the network and in time taken to clean up. Our team of researchers in the Websense Security Labs identified that on average 85.8% of all emails are spam, and 81% of those spam emails contained a malicious link.