Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

6/29/2020
10:00 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.

As organizations across the country begin to emerge from their mandatory COVID-19 hibernations, the transition could be difficult for many as they continue to feel the brunt of the health crisis and its economic impact. These challenges would be exacerbated for small and midsize businesses (SMBs). Although reopenings and renewed operations offer initial hope, they're also being met with a great deal of uncertainty because many SMBs have fewer resources — in terms of capital and personnel — than they previously had.

Often overshadowed by large enterprises, SMBs are responsible for nearly 44% of economic activity in the United States, according to the US Small Business Administration. But given the current climate, it can be difficult for SMBs to find available and/or affordable resources, and they are finding themselves easy targets for cyberattacks. In response, they are looking to the cybersecurity community now more than ever for accessible cybersecurity solutions, especially considering the never-ending wave of malware, ransomware, and phishing campaigns.

What exactly should SMBs be looking for as they determine the best products and services to mitigate their cybersecurity issues and enhance their overall security postures? Here are three simple, yet effective suggestions.

Simple Pricing
First and foremost, finding free or low-cost versions of cybersecurity products or services is a must. Luckily for SMBs, many organizations have offered their solutions at discounted rates in response to the coronavirus pandemic. These security vendors are rightfully recognizing how essential it is to keep SMBs — which serve as the backbone of their local economies — up and running. By taking advantage of these discounts and forming initial business relationships with vendors, SMBs that weather the COVID-19 storm will already have the resources and relationships in place to scale their security needs once "normal" operations resume.

However, it's important to note that SMBs should look out for any fine print attached to discounted solutions regarding geographic boundaries, user threshold limits, and specific time frames. While anyone in need of enhanced security should have the ability to access such terms, this is often not the case, and SMBs should be especially wary of hidden or misleading disclaimers.

Ease of Installation and Deployment
SMBs typically employ small IT teams that often cover security as a secondary skill set, so it can be understandingly overwhelming for them to choose from among the sheer number of available security products and services. This also makes it difficult for them to understand which of the thousands of solutions on the market are the right fit for their business needs. Even if all of the details are outlined, SMB decision-makers can still struggle with simply knowing how to respond to active threats and deploying the technology. Therefore, solutions that are very simple, both in terms of installation and deployment, should be prioritized by those involved in leadership positions.

Low Maintenance and User Experience
Similarly, ongoing maintenance that does not require a dedicated IT or security team to constantly implement updates or include additional customizations should be emphasized when comparing options. Given that day-to-day users will likely not be security-savvy, having an intuitive user experience should be a key component of any security solution under consideration. Employees will want to be able to maintain their level of productivity while simultaneously staying secure. Ultimately, the balance between easy maintenance and enhanced usability is a delicate one, but SMBs shouldn't think they have to trade one for the other. 

By taking these three recommendations to heart, SMBs can improve their overall security and collectively protect the businesses that make up nearly half of our country's economy. Even better, they'll be able to keep their doors open for business to customers and keep their workers employed, while keeping both parties secure from cyber threats.

Related Articles:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 
 

Kowsik Guruswamy is CTO of Menlo Security. Previously, he was co-­founder and CTO at Mu Dynamics, which pioneered a new way to analyze networked products for security vulnerabilities. Before Mu, he was a distinguished engineer at Juniper Networks. Kowsik joined Juniper ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:25:38 PM
Security
because many SMBs have fewer resources in terms of capital and personnel than they previously had. This makes sense, fewer resources mean less allocation for security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:27:43 PM
SMBs
current climate, it can be difficult for SMBs to find available and/or affordable resources, and they are finding themselves easy targets for cyberattacks. That makes sense, affordable security solution would help SMBs.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:29:44 PM
Skills
SMBs typically employ small IT teams that often cover security as a secondary skill set, Ok. Security skills is quite different than other IT skills and we tend to lick of it most of the time.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:31:47 PM
User experience
having an intuitive user experience should be a key component of any security solution under consideration User experience and security may collide if not implemented properly. Better be careful.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2020 | 9:34:36 PM
Fine prints
However, it's important to note that SMBs should look out for any fine print attached to discounted solutions regarding geographic boundaries That is where we need to be careful, you do not want to end up with a solution that does not help.
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27621
PUBLISHED: 2020-10-22
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inab...
CVE-2020-27620
PUBLISHED: 2020-10-22
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
CVE-2020-27619
PUBLISHED: 2020-10-22
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2020-17454
PUBLISHED: 2020-10-21
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal b...
CVE-2020-24421
PUBLISHED: 2020-10-21
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.