I am sorry, but if I hear another IT person or manager express that they do not know how they were target by malware when they have Anti Virus I am going to scream.
The issues and problems associated with Business Security needs to have a different and more refined and robust focus than normal IT.
They need to focus on what the bad guys are actually capable of.
Normal IT, in most organisations, have a primary focus of keeping the lights on, making things work and keeping it functional.
We have to stop thinking that Business Security is the realm of IT, because it is not.
Business Security is a whole of business process and HAS to be treated that way.
This is why you need a professional who is focused on the security component of an organisation.
Someone who can cross all of the areas of the business and get all levels involved in the process. For small and medium business, this is an expense that few can afford.
The ways that a system and organisation can be compromised are numerous, and in most ways are practically invisible to small and medium sized organisations.
There are also numerous reasons that they are targeted, but automated systems are the primary contender.
The only reason they are targeted is that they are connected to the internet.
The bad guys need no other excuse than you have a digital device and it is connected to the internet.
In addition small and medium organisations do not have the three things that are vital to protecting the organisation:
Investing in these things are normally outside the purview of ordinary business.
Its not from want or trying.
Most want to be secure.
They just do not know how to get to that next level, and if they knew would not have the above resources to make it happen.
Cybersecurity / Business Security is a typical catch 22 situation.
You need to invest in the skills, time and money but do not have the skills, time and money within the organistion to be able to apply what you need.
This is why you need a framework.
A framework that is going to apply a progressive protection strategy around the business.
That framework can be any of the available frameworks but for small and medium business i think that mine would be a great place to start.
My framework puts technology, management, adaptability and compliance into a system where each additional components makes the organisation just that little bit more secure.
Try it here
In addition a managed Security Service Package is a great way to make your money, expertise and time go a lot further.
Most MSSP’s will look after all of those critical components of an organisation.
They have the skills to do it, they have the expertise to make it more secure than an untrained person and will definitely make your money go a lot further.
Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework. Rapid Restart Appliance Creator. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.