According to Promisec, SMEs face unique security challenges by having to protect against many of the same threats as enterprise customers but without the IT staff, budget and experience utilized by larger IT shops. The limited IT security resources place a higher burden on SMEs to develop a comprehensive security policy that can be automated by leveraging available technology instead of relying on human monitoring to identify and correct security problems.
“SME customers have just as much at risk from security breaches but they are more susceptible to these lapses because of inexperience to understand the nature of the security threats. They also have substantially less financial and technical resources than enterprises have access to in building their corporate security infrastructures,” said Amir Kotler, CEO of Promisec. “Promisec understands the challenges facing the SME and we are offering our expertise and experience to help them deploy a strong security strategy built around the simple but powerful agentless architecture of our Spectator™ Professional endpoint security technology.”
While SMEs need to be on guard against external threats that can penetrate a network and compromise company data, the more serious threats are likely to be internal. A recent Gartner Inc. survey showed that 80 percent of security threats originate within the network, rendering tools running on network gateways completely ineffective.
Internal threats come from a variety of sources, some intentional and some innocent, including the installation of unauthorized applications, disabling or failing to update installed security software, firewalls or proxies, emails with malicious attachments, and keystroke loggers. Perhaps the most dangerous threat is the use of unapproved storage media, such as CDs, DVDs, USB storage devices, infrared, modems and WiFi. These devices can be twice as dangerous with the ability to not only introduce security threats such as malware and viruses onto a previously secure network, but also download and remove sensitive company data.
To minimize or eliminate these security threats, Promisec recommends these security practices for SMEs:
Develop written guidelines to establish company-wide security policies
These policies will clarify safe practices for all employees to minimize the potential for internal threats coming from employee ignorance of the potential threats
Deploy a Layered Security Infrastructure
Different threats require different security tools, ranging from anti-virus software to hardware firewalls. To be truly effective, an SME data protection solution must encompass a variety of these tools to protect against the diversity of security threats.
Automate the Security System
Given the IT budget constraints of most SMEs it is unrealistic to expect them to have a dedicated network security administrator to monitor and respond to security threats, Instead, SMEs need to automate the system with a security tool such as Promisec’s Spectator Professional that universally monitors and remediates all security software and hardware on an ongoing basis to weave the individual protection components into a comprehensive self- healing system.
Review and Refine the Security Baseline
After reviewing the threat and remediation reports from Spectator, SME security polices should updated and strengthened where needed to address the most serious threats.
R S S feed
