Three SMB Security Mistakes And How To Fix Them

Australian small and medium-sized businesses (SMBs) have become a preferred target for cybercriminals, as the rapid growth in cryptolocker attacks on this market segment in recent years shows. The reason? It's easier. Unlike enterprises, SMBs often don't have robust security measures, leaving multiple entry points for attackers to come in and wreak havoc. Here are some of the biggest security mistakes SMBs make and how to remedy them.


Security vendor WatchGuard specialises in security offerings for SMBs. The company's representatives often interact with customers on-site and witness first-hand the mistakes that are putting their IT security in jeopardy.

Speaking at a media event in Sydney, WatchGuard regional director for Australia and New Zealand, David Higgins, gave Lifehacker Australia a list of the top three security mistakes he sees being committed by SMBs in Australia:

Failure to patch operating systems and applications

This is one of the most common things SMBs don't do. Yet, patching is one of the most important things businesses should do to ensure they are protected against the latest security threats.

"Security is one of those things that when everything works nobody notices but if something goes wrong then everybody notices," Higgins said. This is one of the reasons why SMBs are so lax about patching. If their computers and systems all seem to be operating smoothly, security is not front of mind.

But by not applying a patch, SMBs are leaving the door wide open for malware to walk right in. Attackers are finding flaws in operating systems and applications to exploit on a daily basis and IT vendors are now issuing regular patches to close off those vulnerabilities.

So make sure you are up to date with the latest patches from your respective IT vendors.

Having no defined policies to manage app security

The number of apps businesses use is increasing at an exponential rate as SMBs look to use software to improve the way they work. Trouble is, managing these apps and ensuring that they are all secure is a laborious task. Many SMBs are either reluctant to invest the time in it or have no idea how to go about it.

Higgins recommends a technique called whitelisting, which grants specific content or software permission to run. This means only trusted apps are allowed to operate in a work IT environment while everything else is denied or restricted. This adds an extra level of protection against potential malware that can enter through zero-day attacks, infected email attachments or compromised documents downloaded from file sharing sites.

Application whitelisting does require a bit of heavy lifting at the start. Your company needs to set policies on how to define a trusted app and then go through the process of actually classifying each app within the organisation. But the result is improved security, enforced software licence compliance and more control for companies over their IT.
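A minimal sketch of the default-deny decision and the up-front classification pass described above, as an added example that is not from the article or from WatchGuard. The policy entries, publisher name, paths and file contents are constructed placeholders, and the publisher string is assumed to come from an already-verified code signature.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    path: str        # where the executable lives
    publisher: str   # signer from an already-verified signature, "" if unsigned
    content: bytes   # file bytes (constructed stand-ins below)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical policy: what this organisation has defined as "trusted".
TRUSTED_PUBLISHERS = {"Example Accounting Pty Ltd"}
TRUSTED_HASHES = {sha256(b"in-house payroll tool v1")}

def decide(app: App) -> tuple:
    """Return (verdict, reason); anything no rule matches is denied."""
    if sha256(app.content) in TRUSTED_HASHES:
        return ("allow", "file hash is on the approved list")
    if app.publisher in TRUSTED_PUBLISHERS:
        return ("allow", "signed by a trusted publisher")
    return ("deny", "not classified as trusted")

def classify(inventory):
    """The up-front classification pass: one verdict per installed app."""
    return {app.path: decide(app) for app in inventory}

# Constructed inventory for illustration.
INVENTORY = [
    App("/opt/payroll/payroll", "", b"in-house payroll tool v1"),
    # Looks like the approved tool, but the bytes differ, so the hash does not match.
    App("/opt/payroll/payroll.bak", "", b"in-house payroll tool v1 + extra code"),
    App("/opt/ledger/ledger", "Example Accounting Pty Ltd", b"ledger 4.2"),
    # Email attachment posing as a document: unsigned and unknown hash.
    App("/home/sam/Downloads/invoice.pdf.exe", "", b"unknown binary"),
]

if __name__ == "__main__":
    for path, (verdict, reason) in classify(INVENTORY).items():
        print(f"{verdict:5} {path}  ({reason})")
```

The decision rests on what the file is (its hash or signer), not on its name or location, which is why the altered copy and the unsigned attachment both fall through to the default deny.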

Not enough staff training on security

Attackers like to take advantage of the fact that people make mistakes. Malware often enters an organisation because a worker has unknowingly downloaded a malicious file or through some other form of human error.

Keeping your staff informed of potential security threats is a way to make them more vigilant about what they do on work devices and systems. Tell them what to look out for, what they should and shouldn't be doing on their devices at work and what to do when they encounter suspicious content.

Do you take any other measures to protect your SMB from security threats? Let us know in the comments.


    What are these SMBs you're referring to?
    To me they are Server Message Blocks (such as Samba) used in file/printer sharing, etc. But this doesn't translate into the context of the article. This is why you should always define acronyms.

      Hi there!

      I have updated the article to show SMBs = small and medium-sized businesses. Cheers!

      You know, I was going to take a crack at your use of SMB, because I thought it was made obsolete by CIFS. A quick google search tells me I'm very wrong. CIFS is dead, long live SMB2.

      Anyway, in this context SMB is Small and Medium Business.

      But while we're on the topic, AI is often referenced without any context, but long before AI was artificial intelligence, AI was (and still is) a routine medical procedure that a veterinarian does to livestock which leads to pregnancy (Artificial Insemination)... Which is something news reporters should keep in mind before writing headlines like "Why AI could destroy more jobs than it creates" or "AI makes accountants smarter"

      Last edited 22/09/15 2:02 pm

        @xqx I'm a bit of an old dog. My skillset could do with updating. In nearly 2 decades of IT I've seen many acronyms come and go... and annoyingly come back as something else. Your AI example is a classic :-)


      Abbreviations that are pronounceable as a word (e.g. SCUBA or NATO) are acronyms. Abbreviations where you pronounce each letter (e.g. F.B.I. or C.I.A.) are initialisms.


        I say Semb :-)

        Yeah, OK, you're right. SMB isn't an acronym.
