You can't secure what you don't acknowledge.℠

Thursday, July 1, 2010

Lack of security in SMBs? Only if you make it so.

This new piece from Dark Reading on lack of security in SMBs hits some interesting points. I agree with the fact that many SMBs overlook security, at least until it's too late. But I see things a bit differently than some of the things stated and quoted such as:
  • "SMBs have historically not given security much thought"
  • "With budgets so slim, organizing security in an SMB is difficult"

SMBs make up a large portion of my business performing independent security assessments. If SMBs choose to address security - and many of them do - then they tend to find the budget to make it work. It's like any other business priority. Granted, there are millions of SMBs in the U.S. and I'm sure a majority of them don't take security seriously. But there are many, many SMBs out there with leaders who do. It's all a matter of choice. It's the ability of SMB leaders to think long term.

In this same article, Robert Richardson with CSI hit the nail on the head when he said:
"Small businesses have the opportunity to be a lot more protected because they have an opportunity to be a lot more uniform in how they implement policy."

This is the thing that stands out to me the most. It's indeed an opportunity to do it now when it's easier and cheaper. Do security right up front when things are small and straightforward and the business can grow into the established infrastructure as it evolves. It's an amazing thing but it really works and there's a profound payoff for the SMBs that make it happen.

Check out my Smart IT blog at if you're interested in further reading on information security in SMBs.

Monday, June 28, 2010

Secure your home Wi-Fi or forever hold your peace

Google has provided us with yet another reason to keep our home wireless networks secure. Speaking of that, in case you're wondering where things stand, here's a great tool for finding out just how vulnerable your wireless network utilizing WEP and WPA-PSK can be.

Our society's continued privacy invasion never ceases to amaze me. And we, by and large (especially with Google), just blow it off and move on.

Mobile security problems & solutions: our podcast from Gartner

Eric Green has put together a very well-produced podcast from last week's Gartner conference where Larry Ponemon, Stan Gatewood, and I discussed mobile security risks and metrics on the show floor.

Also, check out Eric's other podcasts on his site...very sharp guy.