When it comes to security for small and midsize businesses, the only thing small is the budget. SMBs have to worry about the same things large enterprises do, including increasingly sophisticated malware and Web-based threats, denial-of-service and Web application-based attacks, spam, social engineering attacks, regulatory compliance and insider threats.
However, while a large enterprise often has dedicated information security professionals working alongside IT professionals, the IT staff at an SMB may be just one or two people responsible for keeping the infrastructure up and running, for compliance and for defending against all manner of threats.
For many of these businesses, security is part of the conversation because of contractual obligations. An SMB working with a larger enterprise may be told that in order to access certain data, the SMB needs to have an encryption strategy in place. Even if the small business is exempt from Payment Card Industry Data Security Standard requirements, the larger partner may demand PCI compliance as part of doing business.
It's a lot to keep track of, and SMBs are increasingly looking to security consultants, value-added resellers and security service providers to ease the security burden and make those budgetary dollars stretch a little further.
At minimum, SMBs need to think about spam and malware filtering to protect their networks from being compromised or simply bogged down by unwanted email traffic. They also need Web protection to make sure employees don't accidentally wind up on malicious sites.
Smaller businesses should also focus on the risk management of their business processes, data assets and associated information infrastructure (people, processes, procedures and technology), says John Pironti, an adviser with ISACA (formerly known as the Information Systems Audit and Control Association) and president at IP Architects.
"Instead of securing the vessel [the technology], focus on securing the asset or the data, which has the real business value," says Pironti.
"The best thing an SMB can do is complete a comprehensive security assessment" to fully understand the risks, says Janeen Blanton, VP of insurance productivity services and the Agile Center of Excellence at Salient Commercial Solutions. Often these assessments uncover vulnerabilities that the company wasn't even aware of.