Forward Thinking: 5 Ways To Improve Your SMB Security



Dan Gunderman
12/01/2017

Let’s be clear. With intensifying threats and hordes of cyber-criminals competing for illicit control of sensitive data and network infrastructure, there is no way to keep your enterprise 100% clear of all cyber threats.

With that in mind, though, there are certainly ways to optimize your security architecture, to both mitigate threats and stand guard against the latest evolving strains of malicious software.

Small and midsize businesses (SMB) appear to stand out as targets for implacable cyber thieves – mostly because they know that SMBs may not have sufficient resources to protect against every developing threat.

Because of this recognition, these dogged trespassers attempt to crack SMB networks with more frequency, hoping to cut right to the lifeblood of the operation – its data cache, databases or financial information. Some cyber thieves will peddle the information on the Dark Web; others may look to capitalize on it in another way.

Nonetheless, these threats are active, and thus if C-suite-structured SMBs are having the conversation, more resources must be allocated to the practice of network defense. For those without the C-suite oversight, perhaps it is a decision for the manager or president to make, even as they juggle other tasks. The topic is certainly worth the due diligence.

See Related: Cyber Security Talent, App Hack Tops November News

The problem this presents, however, is the question of security versus productivity, and how the two can be diametrically opposed. That is, the more time, energy and resources that go into shoring up enterprise networks, the less productive an SMB becomes. Or, the more an SMB ignores their burdensome IT question, the more they could pay in the long run, when the operation falls under attack.

So, let’s review five different steps you can take as an enterprise official to improve your SMB cyber security:

Consider A Managed Services Provider (MSP)

Outsourcing your IT and cyber security needs could be the solution you’ve been waiting for, as it will allow you to refocus on productivity and meeting business goals. The MSP will hawk over your enterprise – ensuring that its professional staff monitors the network, institutes a managed and comprehensive antivirus program (versus a manual, off-the-shelf approach) and lays out contingencies for incident recovery.

Email Filters And Monitoring

Many attacks these days begin with an innocent-looking email that, if clicked, snowballs into a (potentially) colossal malware incident. The practice of “phishing” has been the catalyst for many mega-breaches. According to Advanced Network Solutions, about 1 in every 95 emails contains malware. Your enterprise – or potential MSP – should carry sophisticated email analytical tools that can both function effectively and quarantine potential threats.

Access Management

For the enterprise, those charged with securing networks should consider limited access controls and an even slimmer whitelist for virtual private network (VPN) users. A comprehensive audit should be conducted of privileges and who can access what. Further, if the enterprise utilizes a VPN, the entry should be strictly password-protected and limited to only the necessary employees. Distributed password configurations should also be avoided, as email hacking and other maneuvers could uncover sensitive login credentials. Ensure that activity inside the VPN is as strictly guarded as the activity outside.

Staffing

There was a time where considering a full unit of IT staffers was more of a luxurious option and benchmark of success – the wealthier the company, the more fortified its IT infrastructure. Today, that layout has been demonstrably altered – to the point where every operation – small, midsize or large enterprise – is in dire need of a capable IT staff. What falls within this staff’s purview is protection of the most valuable commodity your enterprise possesses – its data. Whether the work has been outsourced or your staff is in its development stage, be sure that those with access to your inner-workings are both qualified, proactive and prepared to handle even a crippling zero-day threat.

Incident Response

The configuration of your IT staff and its ability to handle an attack penetrating the system segues nicely into our final point: the ability both handle an attack in real time and carry out post-mortem forensic analysis. A MSP should have the wherewithal to conduct this step comfortably – drawing on updated software and effective protocols to trace the source and carry out remedial steps. For those standing guard over a network, be sure to consult with a professional who is conversant in IT language, and have the infrastructure in place to rebuild your operation.

The cyber security ecosystem is changing each day, but with the proper zeal and awareness, you can keep threats at bay.