Three SMB Security Mistakes And How To Fix Them

Australian small and medium-sized businesses (SMBs) have become a preferred target for cybercriminals and this is evident as cases of cryptolocker attacks on this market segment have grown rapidly in recent years. The reason? Because it’s easier. Unlike enterprises, SMBs often don’t have robust security measures leaving multiple entry points for attackers to come in and wreak some havoc. Here are some of the biggest security mistakes SMBS makes and how to remedy them.

Tokyo picture from Shutterstock

Security vendor, WatchGuard, specialises in security offerings for SMBs. Often the company’s representatives will interact with customers on-site and witness first hand the mistakes they are making that are putting their IT security in jeopardy.

Speaking at a media event in Sydney, WatchGuard regional director for Australia and New Zealand, David Higgins, gave Lifehacker Australia a list of the top three security mistakes he sees being committed by SMBs in Australia:

Failure to patch operating systems and applications

This is one of the most common things SMBs don’t do. Yet, patching is one of the most important things businesses should do to ensure they are protected against the latest security threats.

“Security is one of those things that when everything works nobody notices but if something goes wrong then everybody notices,” Higgins said. This is one of the reasons why SMBs are so lax about patching. If their computers and systems all seem to be operating smoothly, security is not at front of mind.

But by not applying a patch, SMBs are leaving the door wide open for malware to walk right in. Attackers are finding flaws in operating systems and applications to exploit on a daily basis and IT vendors are now issuing regular patches to close off those vulnerabilities.

So make sure you are up to date with the latest patches from your respective IT vendors.

Having no defined policies to manage app security

The number of apps businesses use is increasing at an exponential rate as SMBs look to use software to improve the way they work. Trouble is, managing these apps and ensuring that they are all secure is a labourious task, Many SMBs are either reluctant to invest the time in it or have no idea how to go about it.

Higgins recommends a technique called whitelisting, which grants specific content or software permission to run. This means only trusted apps are allowed to operate in a work IT environment while everything else is denied or restricted. This adds an extra level of protection against potential malware that can enter through zero-day attacks, infected email attachments or downloading compromised documents from file sharing sites.

Application whitelisting does require a bit of heavy lifting at the start. Your company needs to set policies on how to define a trusted app and then go through the process of actually classifying each app within the organisation. But the result is improved security, enforced software licence compliance and it gives companies more control over their IT.

Not enough staff training on security

Attackers like to take advantage of the fact that people make mistakes. Often times malware enter an organisation because a worker has downloaded a malicious file without knowing or by some form of human error.

Keeping your staff informed of potential security threats is a way to make them more vigilant on what they do on work devices and systems. Tell them what to look out for, what they should and shouldn’t be doing on their devices at work and what to do when they encounter suspicious content.

Do you take any other measures to protect your SMB from security threats? Let us know in the comments.

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


7 responses to “Three SMB Security Mistakes And How To Fix Them”