
9 Ways Your SMB Can Implement Layered Security Today

Every business needs IT and data protection, and with today's sophisticated malware crawling the web on an automated basis, that protection needs to be thorough and layered. We've compiled nine universal steps to help you get started.

By Oliver Rist
Updated July 5, 2018

Keeping data and resources safe in your small to midsized business (SMB) requires a little more than simply deploying endpoint protection software. That's not only because direct hack attacks have become more sophisticated in recent years; it's also because many of those attacks are now automated. Much of today's malware simply crawls the internet looking for open vulnerabilities, so if you've left holes in your digital fence, sooner or later those robo-bad guys will find them. The best defense against this kind of auto-barrage is a layered approach to business security. How many layers you choose, how much you spend, and which aspects of your business you choose to defend are entirely up to you. Many of those choices will depend not only on what kind of business you're in but also on how you operate that business. Still, there are several steps every business can take to good effect when it comes to IT security, and we've compiled 9 of them below.

Before we explore the tools and protocols required to keep you safe, it's important that SMBs keep two things in mind: 1) It's not just your data that attackers are interested in accessing. They might be trying to access your network in order to pilfer data from your much larger, much more powerful clients. Getting hacked, divulging information from a Fortune 500 client, and then being sued by that client could potentially sink your company. 2) You shouldn't feel secure having survived one minor attack. Once you prove yourself a viable target, hackers will continue to look for ways to exploit you.

"SMBs need to stop thinking they're the target," said Liviu Arsene, Senior E-Threat Analyst at Bitdefender. "More than anything, SMBs need to be concerned about their clients. The SMBs might not be the end of where the attackers are going to go. Also, stop thinking you won't be attacked again. The usual cybercriminal thinks, If I did something and it worked, why won't I try it again?"

With these two concerns in mind, take advantage of the following tools and protocols designed to defend your company from even the most ingenious and vicious cyberattack.

1. Web Application Firewalls

The first and most important layer you should consider is a web application firewall (WAF). One of the more basic security protocols, WAFs are designed to restrict common exploits from affecting your apps. With a WAF enabled, you'll be able to control web portal and web app traffic that enters your apps and you'll block common attack entry points and patterns. You'll also be able to automate these processes for future attacks in order to dedicate personnel to more pressing concerns.

"If SMBs are running databases and updates, there will be vulnerabilities with those systems that need to be patched," said Arsene. "But, if you can't update your database for whatever reason, you could install a WAF that prevents attackers from exploiting vulnerabilities in the not-updated version of your database."

2. Spam Training and Anti-Spam Software

SMBs that don't have much budget to dedicate to security can easily and inexpensively protect themselves against one of the newer and more common attacks. Business Email Compromise (BEC) attacks target companies with scam messages that extract information from unknowing recipients.

An excellent example of a BEC attack is a fraudulent email sent from someone pretending to be the company's CEO to the company's human resources (HR) department. Without realizing that he or she is being scammed, an HR manager willingly sends personal employee data to the scammers. From 2013-2015, more than 7,000 of these attacks occurred, totaling losses of nearly $750 million, according to FBI data.

Fortunately, you can train your employees to look for these emails or any other kind of SPAM attack so that they can alert IT if they receive something that looks suspicious. "SMBs usually have no security budget or a low security budget," said Arsene. "My recommendation would be to start training your employees with SPAM, fraudulent emails, suspicious attachments, and so on."


3. Keep Software Up-to-Date

Most of the apps that you install require constant patching in order to ensure that their security layers are up to date enough to effectively defend against the latest exploits. Your web browser and your desktop, database, and server operating systems (OSes) are prime examples of software that hackers will look to exploit. Make sure that you always run updates when prompted by the software vendor. If possible, automate these updates but first make sure that automatic changes don't harm other aspects of your business.

If you don't have an IT professional on staff, be aware that updating an entire business can be done automatically in several ways. Very small businesses can simply make auto-updating part of a standard set of user device deployment steps. However, medium to larger businesses can employ several different kinds of patch management tools that can come either as part of a larger desktop management suite or as individual IT tools. These management aids let you decide which users, devices, and apps get updated and exactly how often.

4. Endpoint Protection Software

By implementing a Software-as-a-Service (SaaS) or hosted endpoint protection solution, not only will your users get the benefits of a sophisticated antivirus solution, you'll also be able to diagnose the status of the computers, mobile devices, and apps that attempt to connect to your network. Unlike antivirus programs which monitor individual devices and programs, endpoint protection tools determine if your entire company's OSes, web browsers, and apps are using the latest security protocols. They also ensure that your WAF is constantly kept up to date, and they even hunt for emerging threats like ransomware.

A new trend in this category is automated or intelligent response. Whether this is based on simple if-then or actual artificial intelligence on the vendor's part, the effect is the same: the endpoint solution detects a threat and instead of simply quarantining the file and issuing an alert, it actually responds to the threat with protective measures. The effectiveness of these responses can vary not only by software vendor but also by how you configure the system.

5. Next-Generation Firewalls

Unlike WAFs, which protect your web portals and web apps from incoming traffic, next-generation firewalls (NGFs) monitor and flag outgoing and internal suspicious traffic. Which apps are your employees using? How much bandwidth is being used by a particular department or specific app? If either of these scenarios is creating an anomaly within your system, then the NGF will alert your IT team; they'll then be able to inspect the issue to determine if an attack is occurring.

While most of these solutions still reside on-site, some are becoming cloud services, essentially routing all your organization's internet traffic through a service provider who takes appropriate firewalling action. The benefit here is that these services are run by experts who do nothing but optimize their firewalls all day. The downside is that it could have a significant performance impact on your web application traffic, so be sure to test such services carefully before deploying.


6. Backup and Recovery

You won't be able to prevent every attack so, just in case you suffer a total meltdown, you need to have contingencies in place. Those should start with a competent business-grade cloud backup solution, and that's a hard and fast rule no matter what business you're in or how you're doing it. You gotta have backups, and not just one set but several on multiple tiers. That means instead of simply running one backup solution once a week, you run several: one once per day, another once per week, yet another once per month. These should use different end media and preferably be stored in different locations, even different locations in the cloud if you're doing this solely using cloud services. This sounds complicated, but if you tune in to our reviews, you'll see the cloud has made this so easy it's almost set-and-forget. The benefits of doing so far outweigh the short-term configuration chore, so if you haven't done this yet, you should stop reading now and do it immediately.
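The tiered schedule above is easy to set up and easy to let drift, so it helps to check it mechanically. The following is an added example, not part of the original article: a small audit that flags a tier whose newest backup is too old and tiers that share the same media or location. The inventory format, the field names, and the age limits are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Oldest the newest backup in each tier may be (slack values are assumptions).
MAX_AGE = {
    "daily": timedelta(days=1, hours=6),
    "weekly": timedelta(days=8),
    "monthly": timedelta(days=32),
}

def audit_backups(inventory, now):
    """Return a list of findings; an empty list means the tiered policy holds."""
    findings, newest = [], {}
    for rec in inventory:  # keep only the most recent run per tier
        cur = newest.get(rec["tier"])
        if cur is None or rec["finished"] > cur["finished"]:
            newest[rec["tier"]] = rec
    for tier, limit in MAX_AGE.items():
        rec = newest.get(tier)
        if rec is None:
            findings.append(f"{tier}: no backup found")
        elif now - rec["finished"] > limit:
            findings.append(f"{tier}: newest backup is stale ({rec['finished']:%Y-%m-%d})")
    # Tiers should not depend on the same media or the same location.
    for field in ("media", "location"):
        seen = {}
        for tier in MAX_AGE:
            if tier in newest:
                seen.setdefault(newest[tier][field], []).append(tier)
        for value, tiers in seen.items():
            if len(tiers) > 1:
                findings.append(f"{field} '{value}' shared by tiers: {', '.join(tiers)}")
    return findings

# Constructed sample inventory (hypothetical names, not real systems).
NOW = datetime(2018, 7, 5, 9, 0)
SAMPLE = [
    {"tier": "daily", "finished": datetime(2018, 7, 5, 2, 0),
     "media": "cloud-bucket", "location": "cloud-region-a"},
    {"tier": "weekly", "finished": datetime(2018, 6, 20, 3, 0),
     "media": "nas", "location": "office"},
    {"tier": "monthly", "finished": datetime(2018, 7, 1, 4, 0),
     "media": "cloud-bucket", "location": "cloud-region-b"},
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, NOW):
        print(finding)
```

On the sample data the audit reports the two-week-old weekly backup and the fact that the daily and monthly tiers both rely on the same kind of media.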

Additionally, you should consider a Disaster Recovery-as-a-Service (DRaaS) tool installed on your network. These can also be cloud services, though many will come not only with a cloud bucket but with a hardware appliance that sits on-site with you and provides not only DR protection but an automatic backup tier, too. With a DR app running, you'll be able to continually back up critical systems and data, get up and running again after a disaster occurs, and reload certain apps and systems (rather than attempting to restart the entire network).

7. Mobile Device Management

If you're willing to allow your employees to choose their own laptops, tablets, and smartphones, then you should protect these devices in a manner similar to your own internal hardware. Mobile device management (MDM) tools allow you to remotely locate, lock, and wipe devices whether they're lost, stolen, or behaving suspiciously.

Some of the best tools available even give you the option to remove Wi-Fi passwords, configuration settings, and documents. They also control how users access and store data on the device. Do you want your employees to use a fingerprint to open the device instead of using a passcode? Do you want their personal data stored separately from corporate data? A solid MDM solution will help make this happen.

8. Identity Management

Sure, your users probably have passwords not only to their desktops, but also to individual, networked business apps you've purchased for them to do their jobs, especially if those come packaged as accounts in various cloud services, like Salesforce. But if that means you've loaded your users up with 5 or more different passwords simply to access their full set of job tools, then you should consider an identity management system.

Not only do such solutions provide automatic single sign-on (SSO), meaning your users can use only a single password to access all their work software; they also provide stronger password protection and let you define minimum password specifications so no one endangers the whole business by making "password" his logon to everything. Additionally, such tools provide advanced features, like user directories, audit trails, and multi-factor authentication (MFA).

9. The Honeypot Trap

This one is one step up from our other rules, all of which should be implemented by almost every business. The honeypot, on the other hand, is slightly more advanced, probably requires someone familiar with IT security to configure, and is most effective only in businesses that get directly targeted by hackers rather than only by the robo-malware that plagues most of the world. If that's you, however, this is a great way to set a mousetrap for intruders.

Honeypots are servers or computers loaded with phony data that are designed to attract the attention of hackers. They are typically less secure than the other systems in your network so that, when an attacker is looking for an access point, he or she will head to the honeypot first.

"It's a dummy computer you set up that lures hackers into your network," said Arsene. "It mimics a really poor, unsecured endpoint. Then IT can blacklist the payload or the URL, or they can find the vulnerability the attacker used."

With all of these protocols established (or at least with some combination of these protocols), your company will be much better equipped to withstand most of the current IT attacks that are impacting small businesses. Even more important, you'll be able to defend against them automatically, which is a key measure of defense. However, it's important that you continue to monitor the new attacks that are affecting other companies so that you can stay ahead of the curve.


About Oliver Rist

Contributing Editor

I've covered business technology for more than 25 years, and in that time I've reviewed hundreds of products and services and written a similar number of trend and analysis stories. My first job in journalism was with PC Magazine in the 1990s, but I've also written for other enterprise technology publications, including Computer Shopper, InformationWeek, InfoWorld, and InternetWeek.

Between stints as a journalist, I've worked as an IT consultant, software development manager, and marketing executive for several companies, including Microsoft, where I was a senior technical product manager for Windows Server. My focus is on business tech reviews at PCMag, but you can also find me co-hosting This Week in Enterprise Tech on the TWiT.tv network.


About Juan Martinez

Juan Martinez