GURU Insight: Lessons for SMBs From The Dark Side of Security


While reading through the article, “Black Hat: Lessons For SMBs From The Dark Side of Security”, we noticed that the author Robert Lemons used the scare tactic approach to persuade SMBs to take a serious look at their own security measures.  We noticed a lot of the concerns and the doom and gloom that the author, Robert Lemos, addresses have merit so let’s dig a little further.  Below are quotes taken from Robert’s article, followed by our responses.

“SMBs are being targeted by attackers as well. In fact, size has less to do with whether a company is targeted than their business and their intellectual assets”

We can confirm this targeted attack activity as we see this often when we do network assessments and through our proactive checks.   Fortunately we have implements to uncover potential risks long before a malicious attacker will discover them.

Using tools like vulnerability scans, aCOUPLEofGURUS will “mock attack” your network on a monthly basis to simulate what an actual attacker would be going through to find security holes.  If any weaknesses are found, we make it a priority to immediately close those security risks.

“Small businesses will tell us, ‘we don’t have a team to build a policy, so just give us something to implement,’”

Its’ true, small businesses don’t have the time or resources to develop an extensive plan. We have already created a comprehensive security plan that is designed specifically with small businesses in mind. We proactively monitor networks for potential threats, review your security procedures with you on a quarterly basis, proactively manage your security patching, and scrub your security logs to look for potential attacks.  Using these policies, we have been able to successfully thwart and eliminate brute force attacks and potential security risks for all our ConstantCare clients.

“Today, with employees bringing in their own devices with a variety of consumer applications, SMBs networks are more porous than ever.”

Most companies won’t even bother with security protocols until it’s too late.   The fact of the matter is, even while companies are thinking that it won’t ever happen to them, outside forces are already probing to find entry points to their network.  That might sound doom and gloom, but with proper prior planning any potential risk can be mitigated, even uncontrolled security risks, like user devices.

We often show companies how they can better secure their network, and often times it’s with tools that the companies already own, but never implemented or knew existed.  The only drawback to any new security procedure is often not with the technology itself, but with the people who have to adjust to the policy.  Users will always fight change initially, However, in due time new security implementations will become second nature and the business will be better protected.

[Original Article]