Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

6/29/2020
10:00 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.

As organizations across the country begin to emerge from their mandatory COVID-19 hibernations, the transition could be difficult for many as they continue to feel the brunt of the health crisis and its economic impact. These challenges would be exacerbated for small and midsize businesses (SMBs). Although reopenings and renewed operations offer initial hope, they're also being met with a great deal of uncertainty because many SMBs have fewer resources — in terms of capital and personnel — than they previously had.

Often overshadowed by large enterprises, SMBs are responsible for nearly 44% of economic activity in the United States, according to the US Small Business Administration. But given the current climate, it can be difficult for SMBs to find available and/or affordable resources, and they are finding themselves easy targets for cyberattacks. In response, they are looking to the cybersecurity community now more than ever for accessible cybersecurity solutions, especially considering the never-ending wave of malware, ransomware, and phishing campaigns.

What exactly should SMBs be looking for as they determine the best products and services to mitigate their cybersecurity issues and enhance their overall security postures? Here are three simple, yet effective suggestions.

Simple Pricing
First and foremost, finding free or low-cost versions of cybersecurity products or services is a must. Luckily for SMBs, many organizations have offered their solutions at discounted rates in response to the coronavirus pandemic. These security vendors are rightfully recognizing how essential it is to keep SMBs — which serve as the backbone of their local economies — up and running. By taking advantage of these discounts and forming initial business relationships with vendors, SMBs that weather the COVID-19 storm will already have the resources and relationships in place to scale their security needs once "normal" operations resume.

However, it's important to note that SMBs should look out for any fine print attached to discounted solutions regarding geographic boundaries, user threshold limits, and specific time frames. While anyone in need of enhanced security should have the ability to access such terms, this is often not the case, and SMBs should be especially wary of hidden or misleading disclaimers.

Ease of Installation and Deployment
SMBs typically employ small IT teams that often cover security as a secondary skill set, so it can be understandingly overwhelming for them to choose from among the sheer number of available security products and services. This also makes it difficult for them to understand which of the thousands of solutions on the market are the right fit for their business needs. Even if all of the details are outlined, SMB decision-makers can still struggle with simply knowing how to respond to active threats and deploying the technology. Therefore, solutions that are very simple, both in terms of installation and deployment, should be prioritized by those involved in leadership positions.

Low Maintenance and User Experience
Similarly, ongoing maintenance that does not require a dedicated IT or security team to constantly implement updates or include additional customizations should be emphasized when comparing options. Given that day-to-day users will likely not be security-savvy, having an intuitive user experience should be a key component of any security solution under consideration. Employees will want to be able to maintain their level of productivity while simultaneously staying secure. Ultimately, the balance between easy maintenance and enhanced usability is a delicate one, but SMBs shouldn't think they have to trade one for the other. 

By taking these three recommendations to heart, SMBs can improve their overall security and collectively protect the businesses that make up nearly half of our country's economy. Even better, they'll be able to keep their doors open for business to customers and keep their workers employed, while keeping both parties secure from cyber threats.

Related Articles:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 
 

Kowsik Guruswamy is CTO of Menlo Security. Previously, he was co-­founder and CTO at Mu Dynamics, which pioneered a new way to analyze networked products for security vulnerabilities. Before Mu, he was a distinguished engineer at Juniper Networks. Kowsik joined Juniper ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:25:38 PM
Security
because many SMBs have fewer resources in terms of capital and personnel than they previously had. This makes sense, fewer resources mean less allocation for security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:27:43 PM
SMBs
current climate, it can be difficult for SMBs to find available and/or affordable resources, and they are finding themselves easy targets for cyberattacks. That makes sense, affordable security solution would help SMBs.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:29:44 PM
Skills
SMBs typically employ small IT teams that often cover security as a secondary skill set, Ok. Security skills is quite different than other IT skills and we tend to lick of it most of the time.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:31:47 PM
User experience
having an intuitive user experience should be a key component of any security solution under consideration User experience and security may collide if not implemented properly. Better be careful.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:34:36 PM
Fine prints
However, it's important to note that SMBs should look out for any fine print attached to discounted solutions regarding geographic boundaries That is where we need to be careful, you do not want to end up with a solution that does not help.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5421
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CVE-2020-8225
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-8237
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8245
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
CVE-2020-8246
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...