SMBs – Where to Start With Security
Every day brings another stat-laden article on how SMBs are not prepared to combat security threats. We’ve all seen these articles in our LinkedIn feeds, vendor marketing, media reports and direct contacts with sales personnel promising security nirvana with their technology.
I get it: SMBs need help. Phishing, ransomware, malware, password management and insider threats are just some of the risks SMBs face each day. SMBs are especially vulnerable due to budgets, a lack of skilled security personnel and a “state of denial” or “head in the sand” attitude. Additionally, there is a term SMBs should understand: Collateral Damage. If you’re not attacked directly, you will be hit through proximity to a larger target or by being part of the ecosystem of your client, partner, vendor, etc. SMBs are in a battle and need help beyond vendor FUD.
There is plenty of expert information available to help SMBs fight this battle. It is all good advice and worth the effort to research. However, there is one suggestion that we don’t hear much about and that is a great place for SMBs to get educated: The National Council of ISACs.
The concept of ISACs was formulated in 1998 pursuant to Presidential Decision Directive-63 (PDD-63). This resulted in the creation of sector-specific ISACs, which provide information about threats/vulnerabilities and exist to foster sharing and offer best practices for mitigating cyber risk. Some of the sectors covered include: Automotive, Aviation, Elections, Communications, Financial Services, Health, etc. So, if you’re an SMB and are struggling with how to start managing cyber risk, take some time to visit the National Council of ISACs and look up your specific business sector. Sign up for membership.
It is a good place to start developing your security posture (without the vendor FUD).