Security 2.0 for Indian SMBs

BANGALORE, INDIA: Indian small and medium businesses (SMBs ) are for their late adoption of information technology solutions for various business areas, but this trend seems to be changing with new-generation SMBs bringing in a tech-savvy approach to doing business.

Primary areas for IT spending for these companies continue to be those solution areas which are prime business drivers. Data security being a prevention than cure, often tends to attract lesser attention, budget and people.

With a majority of the SMBs  not even having a dedicated information systems personnel or policy to take care of their IT networks and systems, they are quite vulnerable to security threats. And the sheer fact that losing a specific intellectual property or work in progress could have detrimental impact to an SMB’s business, makes the case more serious.

The last decade has commoditized security solutions for protecting IT networks of an organization. To this extent, penetration of anti-virus, anti-spam, anti-spyware and Firewall solutions into SMBs  have been on an upside. Most organizations realize the needs for adopting these solutions but resist or restrict it because of priority, budget or lack of dedicated people.

Adding to the woes of an SMB CEO is the adoption of new technologies and systems which have changed the way in which people used to work, which, in turn, has called for the need for embracing Security 2.0.

Medium of data transfer has switched from paper to disks, USB sticks, mails and Web uploads. Working device has changed from desktops to laptops and PDAs. A majority of SMBs have not even assessed the impacts of these paradigm shifts in work place in data security, let alone implementing right solutions to tackle it.

With most of the small and lower medium companies having a single person to take care of all IT needs, the issue of knowledge management pertaining to data back-ups and security framework becomes critical.

SMBs could look in for a four-point approach to meet the growing demands of Information Security

1. Define a security policy for the organization and assign own or outsourced resources for taking care of network and data security. Periodic system audits to understand changing security needs of the organization would be the key. For small and medium-sized organizations, it would be prudent to outsource this activity to a competent freelancer or a company, given the issues in recruiting, training and retaining the talent in an area which is not the organization’s core competence.

2. Apply end-point protection methodologies for securing data on laptops, desktops and PDAs. Define a disaster recovery policy which could be as simple as periodic data backs ups and storing them at two physically separate locations. One of the key aspects which is often overlooked is the restoration of backups which should be practiced through mock drills rather than waiting for the real disaster!

3. Identify data transfer mediums deployed at various levels of organization – USB sticks, disks, emails, Web uploads etc. A combination of processes, awareness and relevant security solutions could do the trick of countering the threat of losing proprietary and confidential data through such mediums

4. Document the security frameworks established in the organization, backup details, security issues, access  permission to different employees etc. Ensure that these documents are verified and transferred when there is change of hands in Information systems team.

Author: Satish Kumar, director of Axcend Automation & Software Solutions