Tech Support For Dummies

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, 1 July 2010

Lack of security in SMBs? Only if you make it so.

Posted on 06:34 by Unknown
This new piece from Dark Reading on lack of security in SMBs hits some interesting points. I agree with the fact that many SMBs overlook security, at least until it's too late. But I see things a bit differently than some of the things stated and quoted such as:
  • "SMB have historically not given security much thoughts"
  • "With budgets so slim, organizing security in an SMB is difficult"

SMBs make up a large portion of my business performing independent security assessments. If SMBs choose to address security - and many of them do - then they tend to find the budget to make it work. It's like any other business priority. Granted there are millions of SMBs in the U.S. and I'm sure a majority of them don't take security seriously. But there are many, many SMBs out there with leaders who do. It's all a matter of choice. It's the ability of SMB leaders to think long term.

In this same article, Robert Richardson with CSI, hit the nail on the head when he said "Small businesses have the opportunity to be a lot more protected because they have an opportunity to be a lot more uniform in how they implement policy."

This is the thing that stands out to me the most. It's indeed an opportunity to do it now when it's easier and cheaper. Do security right up front when things are small and straightforward and the business can grow into the established infrastructure as it evolves. It's an amazing thing but it really works and there's a profound payoff for the SMBs that make it happen.

Check out my Smart IT blog at Bizmore.com if you're interested in further reading on information security in SMBs.
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in security leadership, small business, SMBs, thinking long term | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Reaver Pro: a simple tool for cracking WPA on a LOT of wireless networks
    If wireless security testing is on your radar, you need to get Reaver Pro . As I outlined in this Hacking For Dummies, 4th edition chapter ,...
  • Reactive security, eh? How’s that workin' for ya?
    Every time I browse the Chronology of Data Breaches and read the headlines coming out from Dark Reading, threatpost, and the like, I can...
  • The compliance crutch mentality rides on
    I believe it was my colleague Kevin Bocek who once said: "Security done right will yield compliance for free. Compliance for complianc...
  • My new material on Web application & website security
    Here are several new pieces I've written on Web site/application security. Lots of angles and considerations: There’s more to web securi...
  • Wooo...HIPAA audits are coming & the irony of KPMG's involvement
    I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing ...
  • It's hard being human
    Cavett Robert once said something about character that resonates within information security - especially regarding ongoing management and l...
  • Join me live online today with TechTarget & ISACA
    Today is our live virtual seminar Making the Case for the Cloud: The Next Steps . Join me, Urs Fischer, Dave Shackleford, Andrew Baer and Di...
  • "Top Blogs" list & some home security considerations
    I think I may have found the first sign that my blog is growing and gaining some traction. I've made it to the Top 20 Home Security Blog...
  • Common sense counts the most
    A great quote I heard over the weekend has a direct tie-in to what we focus (or don't focus) our efforts on in information security. NAS...
  • Supererogation helps infosec
    I saw a great Word of the Day from Merriam-Webster over the Christmas break: Supererogation It means "the act of performing more than i...

Categories

  • active directory
  • application firewalls
  • APTs
  • aslr
  • atm security
  • audio programs
  • audit logging
  • automated scanner oversights
  • back to basics
  • backups
  • big brother
  • bitlocker
  • budget
  • business case for security
  • business continuity
  • BYOD
  • car hacking
  • careers
  • certifications
  • change management
  • checklist audits
  • cissp
  • clear wireless
  • cloud computing
  • communication
  • compliance
  • computer glitch
  • conferences
  • consulting
  • content filtering
  • cool products
  • cool sites
  • cross-site request forgery
  • cross-site scripting
  • csrf
  • customer no service
  • cybersecurity bill
  • data at rest
  • data breach laws
  • data breaches
  • data centers
  • data destruction
  • data leakage
  • data protection
  • data retention
  • database security
  • degrees
  • desktop management
  • disaster recovery
  • disk imaging
  • disposal
  • dns
  • document security
  • domino
  • DoS attacks
  • drive encryption
  • e-discovery
  • ediscovery
  • employee monitoring
  • encrypting data in transit
  • encryption
  • end point security
  • ethical hacking
  • exchange
  • experience
  • expert witness
  • exploits
  • facebook
  • FERPA
  • file integrity monitoring
  • firewalls
  • forensics
  • full disk encryption
  • global warming
  • goal setting
  • good blogs
  • government intrusion
  • government regulations
  • great quotes
  • hacking
  • hardware
  • hipaa
  • hitech
  • hitech act
  • home security
  • humor
  • identity access management
  • identity theft
  • IIS
  • incident response
  • information classification
  • information security quotes
  • intel
  • intellectual property
  • internal threat
  • java
  • Kevin's books
  • Kevin's interviews
  • Kevin's keynotes
  • kevin's panels
  • kevin's quotes
  • Kevin's security content
  • Kevin's seminars
  • Kevin's videos
  • laptop encryption
  • laptop security
  • legal
  • Linux
  • locking screens
  • low-hanging fruit
  • malware
  • marketing hype
  • message from Kevin
  • messaging security
  • metasploit
  • metrics
  • mobile apps
  • mobile security
  • motivation
  • multi-factor authentication
  • network analysis
  • network complexities
  • network protocols
  • network security
  • networking essentials
  • Novell
  • office
  • online backup
  • online safety
  • open source security
  • owasp
  • p2p
  • passwords
  • patch management
  • patching
  • pci 6.6
  • pci dss
  • PCNAA
  • penetration testing
  • people problems
  • personal responsibility
  • phishing
  • physical security
  • pii
  • podcasts
  • policy enforcement
  • politics
  • presentations
  • privacy
  • quality assurance
  • recommended books
  • recommended magazines
  • recycling
  • remote access security
  • ridiculous password requirements
  • risk analysis
  • risk management
  • rogue insiders
  • ROI
  • RSA 2012
  • running a business
  • saas
  • salary
  • scary stuff
  • sccm
  • sdlc
  • security assessments
  • security audits
  • security awareness
  • security committees
  • security leadership
  • security management
  • security operations
  • security policies
  • security policy
  • security scans
  • security standards
  • security statistics
  • security technologies
  • security testing tools
  • security tools
  • selling security
  • sharepoint
  • small business
  • smartphone security
  • SMBs
  • social media
  • software development
  • source code
  • source code analysis
  • special offer
  • SQL injection
  • sql server
  • ssl
  • storage security
  • student information systems
  • stupid security
  • success
  • telecommuting
  • testimonials
  • thinking long term
  • third-party applications
  • threat modeling
  • time management
  • training
  • twitter
  • uncool products
  • unstructured information
  • unstructured infromation
  • user awareness
  • vendors
  • virtual machine security
  • visibility
  • voip
  • vulnerability assessments
  • web 2.0
  • web application security
  • web browser security
  • web server security
  • webcasts
  • WebInspect
  • whitelisting
  • whitepapers
  • Windows
  • Windows 7
  • windows 8
  • windows 8.1
  • Windows Mobile
  • windows security
  • Windows Vista
  • wireless
  • wireless security
  • zero tolerance

Blog Archive

  • ►  2013 (35)
    • ►  November (3)
    • ►  October (3)
    • ►  September (1)
    • ►  August (2)
    • ►  July (3)
    • ►  June (1)
    • ►  May (4)
    • ►  April (4)
    • ►  March (4)
    • ►  February (5)
    • ►  January (5)
  • ►  2012 (77)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (3)
    • ►  August (3)
    • ►  July (4)
    • ►  June (5)
    • ►  May (9)
    • ►  April (5)
    • ►  March (10)
    • ►  February (14)
    • ►  January (16)
  • ►  2011 (163)
    • ►  December (15)
    • ►  November (11)
    • ►  October (9)
    • ►  September (16)
    • ►  August (13)
    • ►  July (8)
    • ►  June (13)
    • ►  May (18)
    • ►  April (16)
    • ►  March (13)
    • ►  February (13)
    • ►  January (18)
  • ▼  2010 (170)
    • ►  December (10)
    • ►  November (14)
    • ►  October (7)
    • ►  September (27)
    • ►  August (20)
    • ▼  July (8)
      • Neat demo of XSS on Facebook
      • Good Web application security resource
      • Sometimes it's the little things that'll get you
      • Lessons learned & reminded of this past week
      • A joyous announcement
      • The reactive nature of policies that people ignore
      • Unique resource for managing Windows logs
      • Lack of security in SMBs? Only if you make it so.
    • ►  June (15)
    • ►  May (4)
    • ►  April (23)
    • ►  March (21)
    • ►  February (11)
    • ►  January (10)
  • ►  2009 (55)
    • ►  December (5)
    • ►  November (10)
    • ►  October (21)
    • ►  September (19)
Powered by Blogger.

About Me

Unknown
View my complete profile