SAN FRANCISCO – Many small businesses view IT security as either a daunting undertaking or an unnecessary expense, but some form of security is necessary for any small business, and it’s not a case of one-size fits all.
In an interview at Kaspersky Lab’s annual security reviewers summit, Tiffany Rad, a security researcher with the Russian vendor’s global research and analysis team, told ITBusiness.ca that while a certain level of protection is necessary for any small business, the level of protection needed will vary based on their threat level and risk tolerance.
“To understand what your threat is, you need an understanding of what your assets are and what your risks are,” said Rad. “Those are the factors that need to be weighed to determine what you need, and whether putting in an enterprise-level security suite and physical security is necessary or practical.”
For example, a business with an e-commerce storefront or that handles credit card information will want to keep that information secure with a higher level of protection. Also, many small businesses are part of a larger supply chain, handling components of projects for larger contractors. A small business could be viewed as a weak point to access that sensitive information.
“You need to recognize who your clients are, what types of products or services they’re offering, and if it might be of interest to malicious actors,” said Rad.
Smaller companies and “mom and pop” operations have also been a growing target of financial malware, said Rad, due to the perception that they’re less secure and less aware of security issues than larger companies.
“(They think) it may be easier to hit a bunch of smaller companies, as opposed to one very large company with strong security in place,” said Rad.
At a minimum, Rad said any business that uses e-mail needs to at-least have anti-virus protection. A growing risk for SMBs though is mobile threats, with smartphones being targeted and often containing as much sensitive corporate data as a laptop. Too often laptops aren’t protected either though, said Rad. Many SMBs will pick up a laptop at Best Buy, use the pre-loaded software for the free three months, and then never renew it after expiry.
“It’s better to have something than nothing, and there are ways to get protection on a limited budget,” said Rad. “I recognize cost concerns, but there are alternatives.”
When it launches its 2014 consumer suite in mid-August, Kaspersky will be taking a multi-device approach with a new offering, Kaspersky Internet Security Multi-Device. It will include licenses for all of Kaspersky’s platform offerings – Kaspersky Internet Security for PC, Kaspersky Internet for Mac and Kaspersky Internet Security for Android (merging formerly separate solutions for smartphones and tablets) so a household can protect all their assorted devices with one purchase.
“We’re changing it so the consumer gets the understanding of what they need for their different devices, and all will have the Internet Security nomenclature,” said Elliot Zatsky, senior director of consumer partner services for Kaspersky Lab. “Increasingly people are doing the same thing on different devices. It’s the same Internet, and they need to be protected.”
For PCs, Kaspersky will also continue to offer Kaspersky Pure Total Security and Kaspersky Anti-Virus.
A unified management console will follow in September, called Kaspersky Protection Center. It’s an online web portal that will provide one place where users can manage all their devices, see their license status, get real-time status of their protection and, with Android devices, remotely manage their settings and access anti-theft tools.