Wednesday, November 02, 2005
Small Business Network Security 101 (Part 1) - The Real Small Businesses Network Security Issue
According to a Gartner study, 40% of small businesses that use the Internet for more than email will be successfully attacked by the end of 2005. More than half of the businesses attacked will not even know it.
40% is a lot. It seems no small business owner would think of leaving the door of their office open at night, but so many of them leave their office network open for unwanted visitors.
This makes one wonder why this is. Lack of information? Hardly. There are hundreds of advisories (such as "Small Business Network Security 101", published by SofaWare) and thousands of Web sites and blogs dealing with network security (such as this one). Shortage of easily managed solutions? Not that either. So what is it that keeps small business networks unsecure? It seems that there are three main reasons why small business owners do not secure their network.
The first is lack of technical knowledge and proficiency. It's easier to ignore an unknown threat than to learn about it and then look for a solution. Many small businesses do not have a dedicated IT department, much less a network security expert on staff. Since there's no one within the company who can alert the decision makers and provide them with a solution, they either remain unaware until they sustain damage from an Internet attack, or simply choose to bury their heads in the sand.
Secondly, small businesses often tend to regard themselves as "small". Of course someone would want to hack Google or steal documents from NASA, but why would someone come looking for the accounting information of a small real estate office? Simple. It's easy. Large enterprises employ whole
departments whose purpose is to keep the corporate data safe. Small businesses, in some cases, don't even use firewalls or regularly update their operating systems.
The last reason small businesses do not protect their network is simply that no one told them to do so. To make network management simpler and cheaper, small businesses often turn to outsourcing for network connectivity solutions. The solution providers, however, have a hard time "selling" security, because it's simply too complicated to explain and very often regarded as an unnecessary commodity.
Businesses become more dependent on the Internet and use it to expand and extend their business reach, but they don't always think of the potential cost of the profitable opportunities the Internet has to offer.
Is there a solution? Perhaps. Regulatory requirements such as Sarabnes-Oxley, GLB, and HIPAA require businesses to give some thought to network and data security in order to meet industry standards. Awareness is on the rise, with the ever-growing array of viruses, worms, phishing scams, and other on-line nasties becoming more of a threat with each passing day.
Next Time (Part 2):
"So What's Out There?"
40% is a lot. It seems no small business owner would think of leaving the door of their office open at night, but so many of them leave their office network open for unwanted visitors.
This makes one wonder why this is. Lack of information? Hardly. There are hundreds of advisories (such as "Small Business Network Security 101", published by SofaWare) and thousands of Web sites and blogs dealing with network security (such as this one). Shortage of easily managed solutions? Not that either. So what is it that keeps small business networks unsecure? It seems that there are three main reasons why small business owners do not secure their network.
The first is lack of technical knowledge and proficiency. It's easier to ignore an unknown threat than to learn about it and then look for a solution. Many small businesses do not have a dedicated IT department, much less a network security expert on staff. Since there's no one within the company who can alert the decision makers and provide them with a solution, they either remain unaware until they sustain damage from an Internet attack, or simply choose to bury their heads in the sand.
Secondly, small businesses often tend to regard themselves as "small". Of course someone would want to hack Google or steal documents from NASA, but why would someone come looking for the accounting information of a small real estate office? Simple. It's easy. Large enterprises employ whole
departments whose purpose is to keep the corporate data safe. Small businesses, in some cases, don't even use firewalls or regularly update their operating systems.
The last reason small businesses do not protect their network is simply that no one told them to do so. To make network management simpler and cheaper, small businesses often turn to outsourcing for network connectivity solutions. The solution providers, however, have a hard time "selling" security, because it's simply too complicated to explain and very often regarded as an unnecessary commodity.
Businesses become more dependent on the Internet and use it to expand and extend their business reach, but they don't always think of the potential cost of the profitable opportunities the Internet has to offer.
Is there a solution? Perhaps. Regulatory requirements such as Sarabnes-Oxley, GLB, and HIPAA require businesses to give some thought to network and data security in order to meet industry standards. Awareness is on the rise, with the ever-growing array of viruses, worms, phishing scams, and other on-line nasties becoming more of a threat with each passing day.
Next Time (Part 2):
"So What's Out There?"
