Small & medium-sized businesses (SMB) today are under attack from malware, ransomware, external threats and data breaches. The problem is that SMBs have a lack of sophistication around their security strategy, which makes the possibility of not being affected bleak

SMBs need to get the big business protection in terms of focus and effectiveness, but with SMB sensibilities in terms of implementation and use.

Security matters to SMBs

In today’s world, to acquire new capabilities, increase efficiency and/or reduce costs, SMBs need to adopt new technologies. However, with each new application comes a need to secure users, data and the environment that the solution integrates into.

Companies that see security as a painful requirement requested each time a new technology is considered will be slow to adopt – and slow to profit from – new efficiencies.

Effective IT security structures allow SMBs to move more quickly and surely than their competitors.

The challenge of securing the SMB

SMBs are seen as an easy target because most don’t have sufficient security in place to protect, detect or react to attacks:

• Lack of resources: SMBs don’t want to invest in something that might necessitate updating the whole infrastructure, updating storage or updating the operating system.
• Lack of expertise: It is becoming more and more complex. Organizations today need to use security solutions that extend to remote locations and cover roaming and mobile users.
• Lack of information and training: Most SMBs don’t have a large IT team.
• Lack of time: Smaller businesses are understandably focusing on being operational from day to day, so they can serve customers to keep the business going and pay the staff working.

Enterprise Caliber Security with SMB sensitivity

So how does an SMB build an approach that safeguards their organization, users and data?

SMBs need enterprise caliber defense in terms of focus and effectiveness, but with SMB sensibilities in terms of implementation and use.

Here are 8 SMB-friendly criteria to achieve minimum effort for maximum impact:

1. Easy adoption: Security should be behind the scenes, protecting the users and the environment until the moment the user is truly conflicting with security protocol.
2. Effective: Adding layers to your security strategy maximizes your chances of stopping a threat before it starts.
3. Accurate: SMBs don’t want a lot of false positives. They don’t have time to chase down 50 alerts a day.
4. Intelligence: Solutions that just offer information result in the need to hire a watch dog. Choose intelligence and insights that can help spot and stop a breach.
5. Automated: Should something fall outside a set of established restrictions, your solution should automatically take action before the damage is done – not only when IT intervenes.
6. Cost effective: Security doesn’t have to come at a high cost – but it does have to be effective in relation to its cost. 
7. Non-disruptive for IT: Solutions that work alongside existing infrastructure don’t frustrate IT teams.
8. Limited administration: Security solutions must be simple to implement and intuitive to manage.

For more information on how to secure small and medium sized businesses, read our white paper The Challenge to secure Small and Medium Sized Business (SMB).

About the Author:

François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues. 

IS Decisions is a provider of infrastructure and security management software solutions for Microsoft (News - Alert) Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations.

 Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.