SMB Security Simplified
- Although awareness is improving, there’s still a long way to go for SMBs to protect themselves adequately.
- SMBs who may be at most risk from an attack, have limited resources and options.
- There is a need to start doing something.
- TUX AI has been designed to deliver bundled, comprehensive protections for SMBs, and will fully protect most small businesses.
This series looked at reasons why SMBs need to start doing more to protect their business data assets. The main reason might be, that one of their goals is to stay in business. It was discussed that many SMBs don’t believe that they are targets of attack. The numbers show that is no longer true. It was also discussed that attackers may use you to attack your supply chain partners and customers. Another post looked at some potential longer term repercussions of that, impacting SMBs.
Last post came full circle, suggesting SMBs should reassess the kinds of data they might have, in order not to undervalue it. The whole point of that exercise suggests that if SMBs can understand the critical value of their data to their business, they might become more vigilant about protecting it right from the start. Investment in cyber protection is simply becoming an expected cost of being in business in a digital world.
It’s now time to realize that these days everyone is a target. We’re now experiencing the biggest cybercrime epidemic ever, – ransomware, and attackers don’t even have to try and sell your data to others. They only have to extort you. Attackers will hi-jack business assets, systems as well as data, and charge a ransom to return access. But that could be just the start of your problems. You can learn more about all the ransomware issues, and our solution for SMBs, in our series here.
How are SMBs currently doing?
Unfortunately, many small businesses, the ones most vulnerable, are not taking adequate action. The security company CSID just released results from a recent survey of small businesses. The results revealed that,
- 51% of small businesses are not investing in cyber security protection.
- 53% reported that they do not store valuable data, but they clearly do. This shows a disconnect in understanding the value of the data they hold and use for business activity.
- The number of small businesses that are confident about ability to defend against attack is very low. Yet they are still not investing in cyber security protection.
These results are more or less expected, but not exactly encouraging. There’s still a long way to go.
Awareness is just the start
As your awareness increases, the assumption that you won’t be a target will hopefully fade quickly, followed by a realization that steps to improve cyber defences must be taken as soon as possible.
It’s simply a reality that SMBs will generally be less able to withstand a breach or attack, than a large enterprise. As big as some hacks reported in the media have been, the damage to those large victims was only a tiny percentage of total revenues.
For anyone going for a pleasant ride on the river, it’s better to find out about the waterfalls before one is about to go over them. If you know ahead of time about the falls, but don’t change course, then one has a pretty good idea what the probable and expected outcome is going to be.
The cyber security industry has gone from saying it’s “a matter of if, to a matter of when”, someone gets hacked. To the question of when, we might have to add the question of , “How much damage and harm to a victim could be inflicted if such an event takes place?” Will an SMB be able to withstand it?
SMBs are in a tough position
Realizing there is a problem is the first step. We know that SMBs are overwhelmed and under-resourced when it comes to cyber security. They didn’t count on the extra expense of cyber security protection , or having to become a security guru just to own and operate a business. Plus, they are busy trying to run their businesses and make a living. They are also generally under-served by the infosec industry.
Possible courses of action
SMBs are now in a difficult position. While this series has tried to inform about cyber risks, you may have noticed it hasn’t been prescriptive in what technical steps to take. I discussed why such advice may not be helpful to small businesses in the retail sector, here. Yet, we know more needs to be done.
Understand your business and your data dependencies
Make sure that you understand which of your data is most important for your business and protect it first. Don’t delegate this issue to IT. It’s a business problem requiring full management attention.
Continue to educate yourself
Be informed and heed the warnings that are now circulating, so that you can learn from other incidents, and not your own. There are many articles and posts appearing regularly now. There are a lot of little things you can do to reduce attack surface and vulnerabilities. Start somewhere with things that appear common sense to you. The more you learn, the better you will be able to recognize the best offerings and value propositions of protection offerings.
Take advantage of on-line and government resources
Seek out the growing number of on-line resources offering basic advice and steps that you can start with, some which may not require a lot of expense up front.
There are now a number of consultants, security companies and MSSPs, – managed security service providers, that have begun to specialize in offering services to SMBs and non-profit groups. Seek them out. You can outsource services, but you can’t outsource responsibility. Learn to question things.
If you outsource IT services, inquire about their security and compliance fulfillment up front. Choose the provider that’s more security conscious, (not necessarily the best price). Ask for evidence of performance claims, how they back them up, and their due diligence. The thing to remember, is that the goal is the most comprehensive protection you can afford. Great network security is fine, unless attackers attack you through vulnerabilities in your Web applications.
Become an advocate for better cyber prevention
Obviously we are in this fight together. Share resources, and what you learn about what works with business associates and partners. Ask supply chain partners about their cyber security practices if you must share privileges with them. By requiring potential business partners and others to demonstrate or prove their due diligence, the conversation can drive everyone to up their prevention game. And tell your providers about TUX AI.
Don’t forget about TUX AI
We think TUX AI will be a boon to cyber security prevention for SMBs. But there’s another reason why this series didn’t prescribe a lot of technical advice. It’s because one doesn’t need to know it, or understand it with TUX. TUX understands cyber security so you don’t have to. TUX is an artificial intelligence that will continue to learn. But it can do more than a single person can now. So you’re not giving up anything, you’ll be gaining. Plus, you get to keep your cyber security in-house, under your control.
TUX AI delivers a comprehensive bundle of protections that will protect against all major cyber threat vectors that face small businesses today, and in future. The starter package alone, shown on our start page, will fully protect the majority of small businesses. If additional node licenses are required as you grow, TUX will inform you. TUX will protect against malware, phishing, ransomware, insider threat, Web application attacks, email, DNS, the works.
The beauty of TUX AI is that it has been designed for SMBs without cyber security expertise and knowledge. With a natural language processor interface, you simply tell TUX AI what you need protected, and it will proceed to implement the protections for you. It will then self-check and maintain that security going forward, from that point onward. That itself is exceptional protection.
It won’t matter if you can’t afford an expensive, skilled IT security staffer. TUX AI will perform what you need. You may be large enough to have a few IT staff, but they may not be skilled security gurus. TUX AI will fill in the gaps and free them from security drudge work so they can focus on IT tasks that move your business forward.
Keep TUX AI in mind for your small business. I’ve offered my opinion that investment in cyber security protection is becoming an expected cost of being in business. The task in front of SMBs is to find the most comprehensive protection at an affordable price to deliver optimal value. Some might see this as a new form of tax on doing business, but this is just a new reality. From what I’ve seen, cost of prevention almost always turns out to be a fraction of disaster recovery. It certainly is with Trustifier technology.
If you haven’t checked out the TUX quick tour yet, or the protections that the TUX starter package includes, they can be found on our start page, here.