Magazine Article | March 18, 2013

The Top 6 Security Threats To Your SMB Customers

By Jay McCall, Business Solutions magazine.

Helping your customers understand the security threat landscape is the first step to selling managed network security solutions.

According to the Small Business Administration’s Office of Advocacy, there are nearly 6 million small business employers in the United States. The SMB market faces security threats on par with its enterprise counterparts with the added challenge of inadequate IT staffing and security solutions. Cybercriminals and disgruntled employees realize this truth, and they’re all too happy to exploit this vulnerability.

As a trusted IT advisor, there’s a tremendous opportunity to help this $1 trillion market, which is ironically still under-served. I spoke with two security experts to get a better understanding of the security threat landscape your customers face. Following are the top threats your customers face and advice for helping them.

Threat #1: External Storage Devices
“Many serious security problems originate by accident,” says Luke Walling, VP of sales and operations at AVG Technologies. “Employees exchange data with their home computers and third parties all the time. For example, USB drives, external hard drives, CDs, or DVDs are common storage media that are subject to infection.” If external storage devices aren’t at least scanned before accessing company networks, malicious software can easily be released unknowingly, causing problems for everyone connected to the network. The solution is to educate your clients about this threat and show them the advantages of a managed security solution over the free, unmanaged software many of them are using.

Threat #2: BYOD (Bring Your Own Device)
This has some similarities to the first threat, with another layer of complexity added. “The work of the MSP is complicated by the proliferation of personal devices found inside the business network, broadcasting, and acting as a bridge between the inside network, to the cellular network, and finally to the Internet,” says Dr. Alistair Forbes, general manager at GFI MAX. BYOD security problems aren’t limited to your customers’ employees only. “Just about anyone entering your customers’ businesses bring devices that can potentially infect their networks, inventory their equipment, and steal credit and debit transaction data from their wireless networks,” says Forbes. Not only do customers need to be educated about this threat, but they often need help developing policies regarding the devices they’ll support and determining how personal computing devices will connect to their networks.

Threat #3: Phishing Schemes
Traditional phishing schemes, which try to get an employee to open an email attachment or click a link under the guise of confirming a pending delivery or addressing an issue with a bank account, had about a 5% success rate in tricking recipients. “Spear phishing, on the other hand, fools recipients about 19% of the time because it incorporates a vast amount of personal data about the user, which is easily obtained through social networking communities,” says Forbes. “It is difficult to defend against these types of threats because the vulnerabilities are not technology-based, but rather a result of user error.” While no security solution can perfectly thwart the threat of user error, Forbes recommends VARs and MSPs use cloud-based antispam and email filtering solutions, which reduce spear phishing threats and even in the event of a breach can quickly quarantine and limit the damage.

Threat #4: Unpatched Operating Systems And Applications
According to Verizon’s 2012 Data Breach Investigation Report, more than 90% of successful data breaches required only the most basic hacking techniques. “The one simple commitment that VARs/MSPs can make is to patch commercial software quickly,” says Forbes. “Automated patching, the ability to push a single set of patches to a test workstation and then, if things go well, push it to all the machines in the environment is an important investment in securing your customers’ organizations from compromise.”

Threat #5: Data Theft
This type of threat is particularly difficult because it’s often an inside job. “Small businesses very seldom have the tools in place to mitigate this very serious threat,” says Walling. Without the proper security systems in place, a disgruntled employee can walk away with your customers’ entire client database, product patents, and other confidential information. “As more businesses move to the cloud, the problem can actually grow as the traditional on-site file server, which managed access rights and audit logs, is replaced by a shared cloud storage service that’s often designed for consumers, not businesses,” says Walling. Educating your customers on this topic is an essential step in not only helping to protect them, but getting them to understand why a private or hybrid cloud offering, which inevitably costs more than a consumer cloud offering, is well worth the investment.

Threat #6: IT Equipment Failure
Whether it’s caused by a virus or normal wear and tear, your customers’ servers and workstations are eventually going to fail. “What happens if your customer loses all of its data today?” asks Walling. “Or, more common: What if one of your customer’s key employees loses access to their computer for a whole week due to a virus or hard drive failure?” The cost goes beyond the cost of replacing the device and gets into the cost of loss productivity as well as the question of the value of any data lost. The solution, according to Walling, isn’t just having a data backup system in place, but understanding each customer’s RTO (recovery time objective). “Most small businesses today don’t back up their data, let alone have a recovery plan in place that can help them not only to restore their data, but to get back up and running in a timely fashion.”