When it comes to IT risks, small and midsize businesses face many of the same threats as larger enterprises, yet studies show that most don't believe online criminals will target them or that their data is at risk.
A report on 1,015 U.S. SMBs by the National Cyber Security Alliance and Symantec found that even though 83 percent have no formal cybersecurity plan, more than three-fourths believe their companies are safe from cyberthreats such as hackers, viruses and malware.
This confidence is misplaced: In the past four years, we have seen continued increases in small-business data compromise. Of 26,000 targeted attacks that Symantec documented in 2011, half were on businesses with fewer than 2,500 employees and 18 percent were on businesses with fewer than 250 employees. In the first half of 2012, 36 percent of targeted attacks were aimed at SMBs, double the number seen in the past six months of 2011, according to the Symantec Internet Security Threat Report.
Small businesses are more prone to attack because they have fewer resources than large enterprises to maintain their defenses, but they have more valuable information and financial assets than home users. In this report, we recommend the five security tools SMBs need to establish an acceptable baseline of information security and protect the business from the most common and damaging computer and network attacks. The tools can be deployed by companies that have limited IT know-how and resources, and they can be obtained for very little -- or even no -- cost.
1. Network Firewall
Attackers are on constant lookout for networks connected to the Internet that are vulnerable to exploitation. Without a proper firewall, an Internet-connected business is at huge risk. Most operating systems include or support what’s called a host-based firewall, but such a system restricts incoming and outgoing network activity only for the machine it’s running on. While good to have, it’s not enough.
ISPs usually provide as part of their communications package a network router that includes a built-in firewall. These work well enough for home networks, but they are unlikely to offer enough administrative options to be suitable even for small businesses.
Being able to police and control the traffic entering a network is vital, making a hardware-based firewall an essential purchase. We specify hardware-based here because a major drawback of software firewalls is that they do not run on purpose-built and hardened machines.
The simplest and therefore cheapest type of firewall is called a packet filter, which allows rules that specify which packets can travel between specific endpoints, based on the packet type and the source and destination addresses and ports. More sophisticated firewalls can apply stricter rules because they have a deeper understanding of the protocols and can inspect traffic for viruses, malware, and spam.
For more information on how to choose a network firewall -- and to read about the four other essential tools, including host-based anti-malware, security configuration, encrypted drives, and backup and recovery -- download the free report.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.