Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

IT security best practice guidelines for SMEs

Promisec : 28 August, 2007  (Technical Article)
Promisec issues advice to small and medium sized enterprises for fighting IT threats without facing the costs associated with larger businesses.
Promisec has issued network security best practices for use by small and medium enterprises (SMEs). SMEs face a different set of security challenges than enterprises and must adapt security policies and practices accordingly to avoid costly intrusions that can cripple or substantially harm the company.

According to Promisec, SMEs face unique security challenges by having to protect against many of the same threats as enterprise customers but without the IT staff, budget and experience utilised by larger IT shops. The limited IT security resources place a higher burden on SMEs to develop a comprehensive security policy that can be automated by leveraging available technology instead of relying on human monitoring to identify and correct security problems.

'SME customers have just as much risk from security breaches but are more susceptible to these lapses because of inexperience to understand the nature of the security threats. They also have substantially less financial and technical resources than enterprises have access to in building their corporate security infrastructures,' said Amir Kotler, CEO of Promisec. 'Promisec understands the challenges facing the SME and we are offering our expertise and experience to help them deploy a strong security strategy built around the simple but powerful agentless architecture of our Spectator Professional endpoint security technology.'

While SMEs need to be on guard against external threats that can penetrate a network and compromise company data, the more serious threats are likely to be internal. A recent Gartner Inc. survey showed that 80 percent of security threats originate within the network, rendering tools running on network gateways completely ineffective.

Internal threats come from a variety of sources, some intentional and some innocent, including the installation of unauthorised applications, disabling or failing to update installed security software, firewalls or proxies, emails with malicious attachments, and keystroke loggers. Perhaps the most dangerous threat is the use of unapproved storage media, such as CDs, DVDs, USB storage devices, infrared, modems and WiFi. These devices can be twice as dangerous with the ability to not only introduce security threats such as malware and viruses onto a previously secure network, but also download and remove sensitive company data.

To minimise or eliminate these security threats, Promisec recommends these security practices for SMEs:.

* Develop written guidelines to establish company-wide security policies - These policies will clarify safe practices for all employees, minimising the potential for internal threats coming from employee ignorance of the potential threats.

* Deploy a Layered Security Infrastructure - Different threats require different security tools, ranging from anti-virus software to hardware firewalls. To be truly effective, an SME data protection solution must encompass a variety of these tools to protect against the diversity of security threats.

* Automate the Security System - Given the IT budget constraints of most SMEs, it is unrealistic to expect them to have a dedicated network security administrator to monitor and respond to security threats. Instead, SMEs need to automate the system with a security tool such as Promisec's Spectator Professional that universally monitors and remediates all security software and hardware on an ongoing basis to weave the individual protection components into a comprehensive self- healing system.

* Review and Refine the Security Baseline - After reviewing the threat and remediation reports from Spectator, SME security polices should be updated and strengthened where needed to address the most serious threats.

Spectator Professional is Promisec's answer to SME network security, providing organisations with a complete security solution that protects against threats originating within the internal network, caused by an organisation's own users or other insiders. The solution is a software-only solution that is normally installed on an administrator's desktop or on a dedicated server. With detection, repair, prevention and monitoring modules, Spectator Professional delivers a comprehensive solution to manage security and compliance on all organisation network endpoints and servers. It identifies threats that have bypassed gateway security systems and embedded themselves in the network - rogue access points, modems or any other peripheral device added to any network endpoint or server, and unauthorised processes or applications. It then remediates the threats before they can cause a security breach. Spectator Professional also continuously inspects each and every endpoint and server in the network to ensure compliance with company policy and with applicable regulatory statutes.

Visit the Promisec Website to learn how to improve SME endpoint security. Promisec Spectator Professional is available through resellers across the UK.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo