A couple of weeks ago I attended a web seminar about the top security-related risks for SMBs. Randy Franklin Smith, contributing editor for Windows IT Pro and esteemed security consultant, highlighted what he considers to be the 5 biggest risks.
1. Endpoint Compromise
Endpoints are the least secure part of a network because they deal with the most content from the Internet and therefore the greatest amount of malware. Physical security is also a risk, not only for laptops but also for desktop systems. Unlike servers, workstations are rarely locked up. Most security updates are targeted at patching endpoint-centric vulnerabilities. Endpoints are especially vulnerable in SMBs because of a lack of centralized systems management or consistent security policies. In addition, SMBs often rely on desktop client applications—and more applications installed and data stored on clients results in a greater potential attack area.
2. Data Leakage
Around half of all SMBs have lost confidential data, mostly through theft. Data leaks cost SMBs an average of $300,000 per incident. Most data leakage solutions are designed for larger enterprises, which leaves SMBs relatively unprotected.
3. Failed Data Backup and Recovery
The majority of users in SMBs store critical data on their desktops and laptops, which typically aren’t backed up properly. And even when backup does occur, 50% of all tape backups fail to restore. Around 25% of PC users suffer data loss each year. These numbers are even scarier in light of the fact that about 70% of small businesses that experience a major data loss go out of business within a year of that loss.
4. Email Integrity
Many SMBs use consumer-based endpoint-centric email security solutions, which don’t work for these organizations because they’re installed on individual machines and therefore aren’t centrally managed. Hosted email security solutions often aren’t flexible enough for SMBs and might not be comprehensive enough. Some anti-spam solutions can also be too restrictive, keeping important email messages from getting through. Email availability is as important as email security.
5. IT Management Costs
SMB IT pros often try to upsize consumer solutions or downsize enterprise solutions, neither of which is efficient or cost-effective. The SMB IT pro must be a jack of all trades—gone are the days of IT specialization. But having too many products to manage results in too many agents to track on the desktop. Simply tending to security and systems management can keep IT pros from spending time where it’s really needed—on leveraging new technologies to advance the organization’s business.
To listen to the complete 30-minute webinar, click “ Top 5 Risks Every Small Business IT Pro Should Know”—it’s a half hour well spent. (The webinar is available on demand until December 15, 2010.)