Hackers love small business

The internet doesn’t distinguish between companies at the big end of town or 20-person enterprises. Web threats demand attention from organisations of all sizes.

According to analyst firm Yankee Group*, many mid-sized organisations are struggling with the security basics, while threats have become more sophisticated, launching attacks such as identity and data theft. Counting on existing anti-virus and firewalls for protection has given organisations a false sense of security which, along with limited staffing resources and information technology budgets, has increased mid-sized companies’ exposure to malicious websites, spyware and other internet threats that can cause data loss.

Additionally, as more dynamic and media-rich content is served over the web, unmanaged internet access can distract employees with non-work related activities. Access to bandwidth-intensive websites, such as those with streaming video, online music and peer-to-peer file sharing, can hamper networks with limited bandwidth. These sites are also attractive locations for hackers to host malicious software that targets unsuspecting, unprotected users and organisations.

Small businesses suffer similar consequences as larger organisations when it comes to security and should have appropriate protection in place around the clock, 365 days a year. What they need is a ‘set and forget’ solution that provides peace of mind and allows them to concentrate on what they do best.

When it comes to security, SMEs need to fundamentally:

  • * protect against web-based security threats;
  • * mitigate employee productivity and bandwidth losses;
  • * reduce IT costs as a result of security threats; and
  • * protect company's brand from phishing and other exploitations.

Like any business, though, SMEs need security that enables employees to productively use the internet without exposure to risks, which are typically missed or are too costly to prevent using traditional security technologies, such as antivirus and intrusion prevention systems.

Solutions which are engineered to deliver enterprise-level functionality but optimised to meet the needs of mid-sized and smaller organisations should include a content filtering and web security solution that works out-of-the-box, requires no specialised training, and delivers real value quickly.

Checklist: Finding a Security Solution

Ask yourself the following key questions:

·   Does it provide immediate protection against productivity and bandwidth-draining internet use and web-based threats?

·   Is it easy to install and have out-of-the-box defaults, enabling the software to be set up within minutes?

·   Does the vendor have a ‘Getting Started’ tutorial to help administrators create  customised policies quickly?

·   Can the system be up kept to date through automatic daily database updates?

·   Does the solution require any maintenance or updating?

·   Does it provide for web-based reporting and context-sensitive drill down capabilities for easy and effective analysis of employee internet use?

·   Does it combine content filtering and web security into one solution that improves employee productivity and protects against complex internet threats?

·   Is it a fully-integrated platform that provides one-box management and reporting within a single server?

·   Does it have intuitive real-time monitoring that shows internet usage and system status on a single dashboard screen?

·   Can it work immediately and pay for itself within 30 days with productivity improvements alone?

·   Does it eliminate layers of IT security technology that are ill-designed to address the productivity and web security needs of mid-sized and smaller organisations?

* Source: Yankee Group, “SMBs Are Not Keeping Pace with a Rapidly Evolving Security Threat Landscape”, August 2006.

Phil Vasic, ANZ  country manager for Websense, www.websense.com

The opinions expressed in this article are those of the author, and don’t necessarily reflect the opinions of DYNAMICBUSINESS.com or the publishers.

Related Stories