2016 Guide to Data Protection for a Growing SMB
Data protection measures are a non-negotiable for any business. A data breach can cost a company of any size a significant financial sum and damage its reputation.
When data theft hits a big business, it makes headlines. But data theft is even more crippling for a small business. Worse yet, data thieves specifically target small companies, looking to take advantage of their lax security attitudes.
In fact, Trustwave research reports that small merchants account for 90 percent of data breaches that impact businesses. Most of the time, businesses aren’t even aware they have been compromised until another party traces the breach back to the company. SMB data theft doesn’t make big headlines, but you can be sure it happens.
So what can a small business owner do to prevent data theft? Protect your network with a combination of hardware and software solutions, and train yourself and users to identify potential threats that make it through the filter.
Data protection tools for the company website
A company website often contains user login credentials and other sensitive information. This makes it an attractive target for cyber criminals prowling for data. According to staysafeonline.com research, one in five small business websites succumbs to cybercrime each year.
For website security, small business owners need to use the entire network to protect their data.
Take advantage of cloud providers’ tools
If a website is cloud-hosted—like on wordpress.com, squarespace.com, or another such cloud platform—users have built-in tools to monitor and authorize access to websites. Ideally, you should seek out managed hosting with a company that has a reputation for security. Look for features like:
- Attack monitoring and prevention
- Constant reviews and patches of known security threats—namely those affecting your publishing platform and plug-ins
- Up-to-date server software, specifically the most recent version of PHP
- The ability to isolate and contain threats on its own servers
For a more detailed look at cloud security, read: 5 Ways to Mitigate Cloud Computing Risks
Use common sense with passwords and admin rights
The biggest point that publishing platforms like WordPress hammer home in their content is proper password management. Even if your website logon isn’t among the worst passwords of the year, it still makes sense to keep it unique from all the other passwords that you use, and by all means, keep it to yourself.
If you have trouble managing unique passwords, password management tools are built into most antivirus & Internet security software.
Security pointers for self-hosted web sites
Hosting a website on your own web servers gives you more control over your data. It takes more expertise to manage your security profile, however.
A few simple tips to mention about data protection at the server level:
- Delete application installation folders.
- Change your database table prefix.
- Use security plugins—Wordfence is a popular example for self-hosted WordPress sites.
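The first two tips can be checked with a short script. This is an added example, not code from the original article: the list of installer folder names is an assumption, the WordPress `wp-config.php` layout is assumed for the prefix check, and the sample site is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Directory names commonly left behind by web application installers
# (an assumed, non-exhaustive list; adjust for the applications you run).
INSTALLER_DIRS = {"install", "installation", "installer", "setup"}

# Matches an active (uncommented) $table_prefix assignment in wp-config.php.
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)


def audit_webroot(webroot):
    """Report leftover installer folders and a default WordPress table prefix."""
    root = Path(webroot)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_dir() and path.name.lower() in INSTALLER_DIRS:
            findings.append(f"installer folder still present: {path.relative_to(root)}")
    config = root / "wp-config.php"
    if config.is_file():
        match = PREFIX_RE.search(config.read_text(errors="replace"))
        if match is None:
            findings.append("wp-config.php: no $table_prefix assignment found")
        elif match.group(1) == "wp_":
            findings.append("wp-config.php: table prefix is the default 'wp_'")
    return findings


def build_sample_site(base):
    """Create a constructed sample web root used only for this demonstration."""
    root = Path(base)
    (root / "shop" / "install").mkdir(parents=True)
    (root / "wp-content").mkdir()
    (root / "wp-config.php").write_text("<?php\n$table_prefix = 'wp_';\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_webroot(build_sample_site(tmp)):
            print(finding)
```

The script only reports. Changing the prefix on a live site also means renaming the existing database tables to match.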
If you want to get in depth, there are entire courses and books on net security. For an annotated list of tips and tricks from a few leading security software vendors, see: Website Security Tricks You Can Do Without Purchasing Anything.
Data protection tools for your internal network
As your business grows, your network will need to expand to accommodate more devices. This starts with upgrading the router. The hallmark of a quality business-class router is additional security features that a typical home router may not have. This helps separate good web traffic from potentially harmful traffic.
Dual channel wireless and other Wi-Fi security features
Modern wireless routers play a prominent role in small business networking. Most routers sold today offer multiple SSIDs (Service Set Identifiers), which set the guest wireless network apart from the internal network used for a company’s PCs, peripherals, and other devices.
Additionally, wireless routers have other configurations that help small businesses be more secure and productive by:
- Blocking NSFW and productivity-killing websites
- Enabling wireless printing
- Enabling networked file sharing
Learn more about these features and configurations in the Wireless Router Configuration Guide for Small Networks.
What business-class security features should a router have?
For a small 10- to 20-person network, a router with stateful packet inspection (SPI) and hardware encryption provides sufficient baseline security. Other features to note are Secure Sockets Layer (SSL) and IP Security (IPsec) capabilities, which aid in establishing a secure VPN (virtual private network) connection if you or your employees connect with your networked assets from outside the office.
Find more information in the Guide to Buying a Small Business Wired or Wireless Router in 2016.
Next generation firewalls and UTMs
Once a network grows beyond 20 users, a company should consider upgrading to a more powerful security appliance. This is where you will start looking at next-generation firewalls (NGFW) and unified threat management devices (UTMs).
NGFWs and UTMs are able to provide more sophisticated packet inspection than the SPI method used by small business routers. These devices allow more precise control over security resources. This lets network administrators balance latency and performance as it applies to network security.
The key features that you want NGFWs and UTMs to provide include:
- Gateway antivirus
- URL blocking and content filtering
- Intrusion prevention
Note that UTMs and NGFW hardware may bundle in endpoint protection software on a subscription basis. Typically this software and support is purchased for between one and three years. The more expensive SKUs usually include a longer term of subscription. These subscriptions eliminate the need for buying additional antivirus or antimalware solutions.
Security Software Endpoint Protection for SMBs
Most antivirus and antimalware solutions geared for small organizations are designed with features for simplified installation and administration. Someone with a basic technical understanding of computers and networking should have no trouble deploying these solutions.
The basic feature set SMBs should look for when choosing security software includes:
- Antivirus and antimalware protection
- URL blocking / content filtering
- Centralized controls / dashboard
- Data backup and restoration controls
The size of the business is perhaps the most important consideration for a growing business selecting endpoint security software. Antivirus and antimalware solutions are sold by subscription. This covers a set number of devices for a specified length of time.
For example, this package of ESET NOD32 Antivirus covers one PC for a period of three years. Compare this to a package of McAfee Antivirus Plus which covers unlimited devices for a period of one year. There are slight differences in feature sets as well; make sure to refer to product pages for details and specifics.
Also be aware of what types of devices need protecting when choosing security software. Certain packages have specialized features for mobile devices. For example, ESET Multi-Device Security covers five PCs and five Android devices for a one-year term. This security software includes mobile device management features that guard against data theft in the event the mobile device is lost or stolen.
Remember that running security software uses computer and network resources, so it’s generally not advisable to run more than one solution. Many security techs recommend running antivirus in tandem with antimalware software, which you can learn about here: Considerations for Layering Antivirus Software
Companies around 10 seats and under can compare security solutions and products in the Antivirus & Internet Security store. Companies larger than 10 seats should shop for bulk subscriptions in the Licenses store.
You will find details about the End User License Agreement (EULA) on NeweggBusiness product pages. If you have additional questions regarding user agreements, our Account Executives are here to help at (888) 482-6678.
So which is the best antivirus solution?
We encourage reading user reviews on product pages when comparing security software—or any product for that matter—on NeweggBusiness. There are several sites that claim to objectively rate security software periodically. The testing and lab scenarios vary, but the ratings are generally based on the number of threats detected and the number of false positives flagged in the process. Here are some reputable sites worth reading if you would like to deep-dive into pro AV testing.
Final thoughts: User training is the best data protection measure
Technical tools and solutions can filter out most phishing e-mails, block malicious websites, and prevent users from unwittingly clicking on bad links that invite cyberthreats into your business network. More effective than any of these solutions, however, are users who can spot malicious attempts to compromise data security. Learn more about training users for data protection: 10 Steps for Effective Anti-Phishing Training.