A group of security experts on Wednesday offered their thoughts on what SMBs need to focus on when coming up with a coherent IT security plan.
One of several seminars being featured during Ziff Davis Internets SMB (small and midsize business) Solutions Virtual Tradeshow, a hot-button virtual panel titled "Security Priorities: Getting the Most Protection for Your Dollar" featured three presenters.
Each presenter examined different aspects of the SMB security issue, along with polls and a question-and-answer interactive box for participants to type in questions relating to the topic.
The first speaker, Michael Grieves, consulting partner for channel strategies firm Core Strategies and director of research of the MIS department at the University of Arizona, said that because smaller businesses dont have the resources of their larger brethren, members of such organizations "have got to go look in the mirror" to find somebody to handle their security needs, adding that it is a fairly lonely proposition.
Grieves went on to present a set of what he called "realistic security steps" that SMBs can use to protect themselves and to sense and respond to incidences without needing the sorts of resources to which larger enterprises have access.
According to Grieves, these four steps are making IT security a priority; taking obvious steps such as keeping systems up-to-date and implementing virus protection; being paranoid about security; and developing an emergency plan of action before any emergencies arise.
In making security a priority, Grieves brought up strategies that are equally necessary in large enterprises.
He said that it is important to make employees understand that they need to notify the appropriate people if a glitch arises, because too often, non-technical people assume that they are at fault rather than the computer.
Also, decision makers must remind employees of this on a regular basis, or else risk having the cyber-equivalent of a smoke detector that doesnt work because no one bothered to test it.
In discussing his dictum that "only the paranoid survive," Grieves said that incoming e-mail is by nature questionable e-mail and that people should make it a rule not to open attachments without first checking to see whether the attachment came from a reliable source and was expected.