Five Security Mistakes that SMBs Make and How to Correct Them

GFI Tip Sheet:
Five Security Mistakes that
SMBs Make and How to
Correct Them
When it comes to protecting your IT infrastructure, you want to keep
critical business data secure, critical systems up and running, and
employees safe from always-evolving threats. Yet, the reality is, with
an organization of your size, the responsibility of IT often falls to just
one person – meaning that oftentimes, the most pressing priorities
take a back seat to other, unplanned, IT-related issues. With limited
resources, time savers are welcome, but common security shortcuts
may put your company at risk – costing much more than time in the
long run.
Is your company making serious security mistakes? Here are five of the most common security missteps and their
simple solutions:
1.
Relying Solely on Your ISP or Gateway Appliance
So often, SMBs rely solely on their Internet Service Provider (ISP) or gateway appliance to cover their security
needs. However, when you put full trust in your ISP, devices are not protected outside your network. And
when you do the same with a gateway appliance, you’re unwisely assuming that security risks only stem from
outside your corporate network. In reality, today’s network boundaries are blurred with the rise of mobile
devices and mobile workers. New attack vectors are introduced regularly in the form of smartphones, external
hard drives, USB sticks, etc., which may lead to users unknowingly introducing malware to your organization.
The solution – get layered protection
SMBs should not rely solely on protection at the perimeter. Endpoints are an easy target, and without the
proper protection in place, can bring down a network. An additional layer of security is needed to protect
against internal and external zero-day threats. With an endpoint security solution, user devices connected to
your network are secure and you’re able to block certain devices by type, file extension or port – scaling your
protection over time, as users grow and devices evolve.
2.
Choosing a Consumer AV Product over a Business AV Solution
While consumer antivirus products may seem like the best or cheapest solution for your business, they take
control of security away from administrators and give it to end users – who may or may not be qualified to
receive it. Even in small environments, the admin needs some control over what to allow to prevent costly and
time-consuming mistakes by end users.
Another disadvantage of using a consumer antivirus product is that there is no way to determine if the
software is up to date with definitions and engine versions. So your business may not be protected from the
latest and most sophisticated malware threats.
The solution – choose a business AV product
SMBs need AV solutions tailored to their needs. Business AV products allow for centralized management and
control of all user machines and centralized reporting for tracking purposes. They make the day-to-day easier
for your organization, providing a higher level of protection that’s more easily managed than consumer AV
products.
VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them
2
3.
Assuming Upgrades are Automatic
Patch management is an essential IT task, but scanning for and deploying patches is time-consuming and
often overlooked. New advisories on software security vulnerabilities are published daily, so it’s easy to
understand why many SMBs put full faith in their security solutions – assuming patches are automatically and
regularly maintained.
Unpatched computers pose a huge risk to your network – providing an open window for hackers and virus
writers to exploit. Major attacks tend to occur in the hours immediately following the release of a new patch,
when computers are most vulnerable.
The solution – be proactive
Stay on top of the latest patch releases or automate the entire process with a patch management solution that
does. From assessing the impact of vulnerabilities to testing security updates, an automated patch solution is
an easy and cost-effective way to safeguard your systems and network.
4.
Lack of User Education
A large percentage of successful malware attacks do not exploit technical vulnerabilities, but leverage social
engineering tactics to prey on users’ emotions. Despite this, very few SMBs consistently communicate with
employees about the threat landscape, including what they should – and shouldn’t – be doing online and
why.
A recent GFI Software survey found that 44% of respondents “sometimes” educate employees; 22% “rarely”
educate; and 6% “never” educate. So what happens if an employee opens an email with a malicious
attachment? Or accidently downloads spyware from a seemingly innocent website? Or installs pirated
software that infects their machine? These are only a few of many reasons why employee education is critical.
The solution – raise awareness
Employees can easily put your organization at risk inadvertently. Therefore, it’s vital to communicate the
importance of security and the role they play in keeping your business and data secure. Simple dos and don’ts,
such as “don’t open suspicious emails” and “do follow our instructions to download security updates” will help
drive compliance with your security, email and Internet policies. Whenever new malware threats arise, send a
security update. The more employees hear from you, the safer your organization will be.
5.
Trading Performance for High Effectiveness
Most anti-malware solutions have continuously evolved to address new threats, but the protection comes at a
price – placing high demands on system resources and slowing performance. This is due to vendors retooling
their products by adding new layers of spam and virus capabilities rather than building better, more efficient
core code. So often SMBs accept this poor performance and work around it, scheduling scans off-hours or at
non-peak times for minimal impact on productivity.
GFI surveyed SMBs on what’s important to them when it comes to AV – 100% said “performance.” Yet, when
asked what they don’t like about their current AV solution, “performance” was given as the top answer for
three of four competitive vendors. Clearly, many SMBs are sacrificing performance for effectiveness with
resource-hogging solutions.
The solution – eliminate bloatware
If you’re frustrated with how your email security solution affects end users’ machines, there are other options
available. See how your current solution stacks up to alternatives in the market in terms of scan times, memory
VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them
3
consumption and CPU utilization. Do your research – see how the IT publications and industry analysts rate
your current offering and find a solution that’s the best fit for your business. You deserve unrivaled threat
detection and fast system performance – don’t settle for anything less.
If any of these security mistakes ring true, you’re not alone. Thankfully, they are easy to avoid – when armed
with the right information. Take these steps to keep your business safe now and in the future.
About GFI
GFI Software provides Web and mail security, archiving, backup and fax, networking and security software and
hosted IT solutions for small to medium-sized enterprises via an extensive global partner community.
About GFI VIPRE® Antivirus Business
The VIPRE Antivirus Business product line delivers antivirus and anti-spyware protection, client firewall and
malicious website filtering technologies to protect SMBs from ever-changing and sophisticated malware threats.
VIPRE Antivirus Business stands apart from other AV solutions due to its single, powerful threat engine, minimal
impact on system resources, ease of management and fast scan times. VIPRE Antivirus Business is available as a
free 30-day trial. Test drive VIPRE today and see why SMBs rely on VIPRE Antivirus Business to keep their network
protected: Click Here
VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them
4
GFI 2011 june02
USA, CANADA AND CENTRAL AND SOUTH AMERICA
15300 Weston Parkway, Suite 104 Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
Email: ussales@gfi.com
33 North Garden Ave, Suite 1200, Clearwater, FL USA
Telephone: +1 (888) 688-8457
Fax: +1 (727) 562-5199
Email: vipresales@gfi.com
ENGLAND AND IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
Email: sales@gfi.com
EUROPE, MIDDLE EAST & AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
Email: sales@gfi.com
AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
Email: sales@gfiap.com
Disclaimer
© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.
The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express
or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not
liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from
publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee
about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no
warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document.
If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.
VIPRE Antivirus Business | Five Security Mistakes that SMBs Make and How to Correct Them
5