Tuesday, May 22, 2007

What SMBs Need to Know About Computer Security Threats

I found a handy set of pages by a Victor Ng titled What SMBs Need to Know About Computer Security Threats in a publication called SMBedge which describes itself as "The Pulse of SMBs in Asia Today."

It is basic infosec 101 material that is handy because you can send that link to someone who doesn't know what infosec is--but should--just to get them started. Ng's material is more current than some of the 'intro' articles I had been using for this purpose in the past. You know, when someone says "So, you're a computer security consultant? I got a question. Should I renew that Symantec software that came with the PC I bought last year for inventory? I heard there are zombies out there." What do you tell them? Ask for their email address and send them a link.

Of course, this may be someone to whom you have just paid money for services rendered at the rate of $1 a minute and they are now inviting you to donate about $20 of your time given them a basic education (although they probably won't see it like that). As a CISSP, I always try to strike a balance between politely doing my civic duty and giving them that 10 minute intro and telling them to just go buy a book (valuing my time at $2 per hour minimum).

Usually it takes less than 5 minutes talking to the SMB to figure out if it is in more immediate danger than the rest of us, i.e. doing something really dumb with their systems. If they are, I am obliged, I think, to advise them to call in a professional. If I have the time I might be the professional and do a 10 minute fix for free, but then you start to encounter others issues, like: the problem you are fixing is just the tip of the iceberg; they have no budget; and what about liability if there is no formal contract?

2 comments:

Stephen King said...

I agree with some stuff

S.K.

W.A.G.
(Writers association globally)

Anonymous said...

Well I understand that you’re having some serious network security problems on your home network but can you tell us what you’re last vulnerability assessment turned up? There are many times problems with endpoint security aren’t as serious as they look. I have seen instances where problems appear to rise only because the security management software those networks have in place are just outdated.

Internet security is not always an easy thing to stay on top of. There are so many programs out there, some good and some bad to choose from. Which one or ones you choose can determine your fate in the world of computer network security. Make smart choices, keep your applications up to date so that you can identify threats and don’t be afraid to switch things up if your current software isn’t cutting it.