Security Outsourcing For The Small Business

When youre too small to have a security staff, a third-party provider can help. Heres how to make the connection

[Excerpted from Security Outsourcing For the Small Business, a new report posted this week on Dark Readings
SMB Security Tech Center
.]
When it comes to security for small and midsize businesses, the only thing small is the budget. SMBs have to worry about the same things large enterprises do, including increasingly sophisticated malware and Web-based threats, denial-of-service and Web application-based attacks, spam, social engineering attacks, regulatory compliance and insider threats.
However, while a large enterprise often has dedicated information security professionals working alongside IT professionals, the IT staff at an SMB may be just one or two people responsible for keeping the infrastructure up and running, for compliance and defending against all manner of threats.
For many of these businesses, security is part of the conversation because of contractual obligations. An SMB working with a larger enterprise may be told that in order to access certain data, the SMB needs to have an encryption strategy in place. Even if the small business is exempt from Payment Card Industry Data Security Standard requirements, the larger partner may demand PCI compliance as part of doing business.
Its a lot to keep track of, and SMBs are increasingly looking to security consultants, value-added resellers and security service providers to ease the security burden and make those budgetary dollars stretch a little further.
At minimum, SMBs need to think about spam and malware filtering to protect their networks from being compromised or simply bogged down by unwanted email traffic. They also need Web protection to make sure employees dont accidentally wind up on malicious sites.
Smaller businesses should also focus on the risk management of their business processes, data assets and associated information infrastructure (people, processes, procedures and technology), says John Pironti, an adviser with ISACA (formerly known as the Information Systems Audit and Control Association) and president at IP Architects.
Instead of securing the vessel [the technology], focus on securing the asset or the data, which has the real business value, says Pironti.
The best thing an SMB can do is complete a comprehensive security assessment to fully understand the risks, says Janeen Blanton, VP of insurance productivity services and the Agile Center of Excellence at Salient Commercial Solutions. Often these assessments uncover vulnerabilities that the company wasnt even aware of.
To read more about the security services that SMBs should consider using -- and to find out how to choose and pay for them --
download the free report on security outsourcing for small businesses
.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Security Outsourcing For The Small Business