Five Security Mistakes that SMBs Make and How to Correct Them
GFI Tip Sheet: Five Security Mistakes that SMBs Make and How to Correct Them When it comes to protecting your IT infrastructure, you want to keep critical business data secure, critical systems up and running, and employees safe from always-evolving threats. Yet, the reality is, with an organization of your size, the responsibility of IT often falls to just one person – meaning that oftentimes, the most pressing priorities take a back seat to other, unplanned, IT-related issues. With limited resources, time savers are welcome, but common security shortcuts may put your company at risk – costing much more than time in the long run. Is your company making serious security mistakes? Here are five of the most common security missteps and their simple solutions: 1. Relying Solely on Your ISP or Gateway Appliance So often, SMBs rely solely on their Internet Service Provider (ISP) or gateway appliance to cover their security needs. However, when you put full trust in your ISP, devices are not protected outside your network. And when you do the same with a gateway appliance, you’re unwisely assuming that security risks only stem from outside your corporate network. In reality, today’s network boundaries are blurred with the rise of mobile devices and mobile workers. New attack vectors are introduced regularly in the form of smartphones, external hard drives, USB sticks, etc., which may lead to users unknowingly introducing malware to your organization. The solution – get layered protection SMBs should not rely solely on protection at the perimeter. Endpoints are an easy target, and without the proper protection in place, can bring down a network. An additional layer of security is needed to protect against internal and external zero-day threats. With an endpoint security solution, user devices connected to your network are secure and you’re able to block certain devices by type, file extension or port – scaling your protection over time, as users grow and devices evolve. 2. Choosing a Consumer AV Product over a Business AV Solution While consumer antivirus products may seem like the best or cheapest solution for your business, they take control of security away from administrators and give it to end users – who may or may not be qualified to receive it. Even in small environments, the admin needs some control over what to allow to prevent costly and time-consuming mistakes by end users. Another disadvantage of using a consumer antivirus product is that there is no way to determine if the software is up to date with definitions and engine versions. So your business may not be protected from the latest and most sophisticated malware threats. The solution – choose a business AV product SMBs need AV solutions tailored to their needs. Business AV products allow for centralized management and control of all user machines and centralized reporting for tracking purposes. They make the day-to-day easier for your organization, providing a higher level of protection that’s more easily managed than consumer AV products. VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them 2 3. Assuming Upgrades are Automatic Patch management is an essential IT task, but scanning for and deploying patches is time-consuming and often overlooked. New advisories on software security vulnerabilities are published daily, so it’s easy to understand why many SMBs put full faith in their security solutions – assuming patches are automatically and regularly maintained. Unpatched computers pose a huge risk to your network – providing an open window for hackers and virus writers to exploit. Major attacks tend to occur in the hours immediately following the release of a new patch, when computers are most vulnerable. The solution – be proactive Stay on top of the latest patch releases or automate the entire process with a patch management solution that does. From assessing the impact of vulnerabilities to testing security updates, an automated patch solution is an easy and cost-effective way to safeguard your systems and network. 4. Lack of User Education A large percentage of successful malware attacks do not exploit technical vulnerabilities, but leverage social engineering tactics to prey on users’ emotions. Despite this, very few SMBs consistently communicate with employees about the threat landscape, including what they should – and shouldn’t – be doing online and why. A recent GFI Software survey found that 44% of respondents “sometimes” educate employees; 22% “rarely” educate; and 6% “never” educate. So what happens if an employee opens an email with a malicious attachment? Or accidently downloads spyware from a seemingly innocent website? Or installs pirated software that infects their machine? These are only a few of many reasons why employee education is critical. The solution – raise awareness Employees can easily put your organization at risk inadvertently. Therefore, it’s vital to communicate the importance of security and the role they play in keeping your business and data secure. Simple dos and don’ts, such as “don’t open suspicious emails” and “do follow our instructions to download security updates” will help drive compliance with your security, email and Internet policies. Whenever new malware threats arise, send a security update. The more employees hear from you, the safer your organization will be. 5. Trading Performance for High Effectiveness Most anti-malware solutions have continuously evolved to address new threats, but the protection comes at a price – placing high demands on system resources and slowing performance. This is due to vendors retooling their products by adding new layers of spam and virus capabilities rather than building better, more efficient core code. So often SMBs accept this poor performance and work around it, scheduling scans off-hours or at non-peak times for minimal impact on productivity. GFI surveyed SMBs on what’s important to them when it comes to AV – 100% said “performance.” Yet, when asked what they don’t like about their current AV solution, “performance” was given as the top answer for three of four competitive vendors. Clearly, many SMBs are sacrificing performance for effectiveness with resource-hogging solutions. The solution – eliminate bloatware If you’re frustrated with how your email security solution affects end users’ machines, there are other options available. See how your current solution stacks up to alternatives in the market in terms of scan times, memory VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them 3 consumption and CPU utilization. Do your research – see how the IT publications and industry analysts rate your current offering and find a solution that’s the best fit for your business. You deserve unrivaled threat detection and fast system performance – don’t settle for anything less. If any of these security mistakes ring true, you’re not alone. Thankfully, they are easy to avoid – when armed with the right information. Take these steps to keep your business safe now and in the future. About GFI GFI Software provides Web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises via an extensive global partner community. About GFI VIPRE® Antivirus Business The VIPRE Antivirus Business product line delivers antivirus and anti-spyware protection, client firewall and malicious website filtering technologies to protect SMBs from ever-changing and sophisticated malware threats. VIPRE Antivirus Business stands apart from other AV solutions due to its single, powerful threat engine, minimal impact on system resources, ease of management and fast scan times. VIPRE Antivirus Business is available as a free 30-day trial. Test drive VIPRE today and see why SMBs rely on VIPRE Antivirus Business to keep their network protected: Click Here VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them 4 GFI 2011 june02 USA, CANADA AND CENTRAL AND SOUTH AMERICA 15300 Weston Parkway, Suite 104 Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 Email: [email protected] 33 North Garden Ave, Suite 1200, Clearwater, FL USA Telephone: +1 (888) 688-8457 Fax: +1 (727) 562-5199 Email: [email protected] ENGLAND AND IRELAND Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 Email: [email protected] EUROPE, MIDDLE EAST & AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 Email: [email protected] AUSTRALIA AND NEW ZEALAND 83 King William Road, Unley 5061, South Australia Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 Email: [email protected] Disclaimer © 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical. VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them 5
© Copyright 2024