3 Must Have Security Tools and Tips for Small Business Owners

FrankCrastCo-founder and CEO
Small businesses are increasingly becoming a target by hackers. In a recent USA Today  story "Hacking a big danger for small businesses," cyber attacks are not just reserved for big companies. Data breaches of notable brands such as Target and Home Depot have dominated the headlines over the past year, but small businesses are also targets and are more vulnerable than ever. 

According to a 2013 survey by the National Small Business Association, 44% of small businesses have been attacked and of those cost on average $8,700 per affected company. Attackers realize that small businesses don't often have the resources, time and knowledge to ensure their systems are secure. 

Many small businesses are also trusted as third parties for big companies, such as performing services that require access to facilities, systems and data. With that trust, comes the responsibility and need for good security tools, processes and knowledge to safeguard data. Brian Krebs described in his  blog how an HVAC vendor for Target fell victim to a targeted phishing campaign that successfully compromised the vendor's systems to install malware and also steal logins and passwords. The successful attack was then used to infiltrate Target's network via the stolen vendor credentials. 

Many of these types of stories could have been prevented with more security knowledge, awareness and attention to detail. The human element is often the weakest link contributing to many data breaches. In this article, I have outlined 3  types of security tools and tips that you may use in your business to stay one step ahead of attackers. These aren't necessarily sexy security software tools or gadgets, but rather great online resources to help improve data security in your business and reduce the odds of becoming another hacking statistic.
1 - Knowledge is Power (Free Web Resources)

If you are new to information security or interested in proactively improving security in your place of business, make the habit of staying up to date with the latest security events and trends by reading security blogs, news sites or research companies. You don't need a lot of money to learn something new every day in the field of information security. There is no shortage of security topics such as computer fraud, cybercrime, cybersecurity, forensics, network security, application security, cyber policies, and business continuity planning, just to name a few. 

Listed below is a small sampling of good security resources or tools you can use to increase your security knowledge and awareness in order to help prevent future threats to your business.
  • Independent Security Bloggers: Krebs on SecurityGraham Cluley and Schneier on Security (these security experts blog on a broad range of security topics and often include in-depth investigative reports or commentary on the latest security events, as well as provide excellent expert opinions on various security topics).
  • FireEye Blog: more advanced information on today's threats and intelligence reports (such as most recent APT28, a Russian espionage campaign). 
  • The SANS Institute: security education and training, security research and Internet Storm Center, just to name a few of the many services offered by this great security organization that has been around since 1989.
  • Various Security News outlets: ZDNetThe RegisterThreatpostWiredComputerworld and Tripwire's The State of Security.

Are you also looking for a brief overview or introduction to learn more about different security topics? Securezoo has also provided a sort of "knowledge base" tool, where you can read a  brief summary of selected security topicsalong with guidance and best practices you can put to immediate use. Each topic will also list related news events, standards and white papers.
2 - Security Standards

If you are looking for more in-depth information security guidance to use in upcoming security projects, tool implementations or to help meet regulatory compliance requirements, check out the following security standards resources: 
  • Payment Card Industry (PCI) Data Security Standard (DSS): The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to protect payment card data.
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule: HIPAA was etablished to ensure healthcare data protection standards and regulatory requirements for various healthcare providers and companies that handle healthcare data.
  • Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook): Data protection requirements for financial institutions such as banks, brokerages, etc.
  • ISO/IEC 27001:2013A widely used security framework and guideline to implement a holistic Information Security Management System (consists of 14 security groups or "domains" used to organize security controls).
  • DISA STIGs: Security Technical Implementation Guides (STIGs) developed by DISA for the DoD (includes hardening guidelines for various technology platforms to include Windows, Red Hat and Network devices to name just a few.

Securezoo has also created a security  standards resource tool to help make it easier to find standards and documents based on a security topic or security standards author. 

3 - Security Advisories (Automate via Twitter and Email Alerts)

As we all know, hackers are getting better and faster at creating new exploit kits to automate the detection and exploitation of known vulnerabilities, as soon as they become known to the public. 

Make a habit of checking security advisories for those technologies you use in your business (and patch immediately), for instance: 
  • Microsoft Security Bulletin (Technet): famous for "Patch Tuesday" and ongoing monthly or interim security patch announcements
  • Red Hat Security Advisories: Security Alerts, Bug Fixes, and Enhancements for Active Red Hat Products
  • Apple Security Updates: security updates for Apple products to include Max OS X, iOS and others.
  • Google Security Releases: Security and product updates for Google Chrome
  • Adobe Security Bulletins and Advisories: security advisories for Adobe products to include Flash, Reader and many others.
  • WordPress Security Releases: archive of security releases for the popular open source blogging platform.
  • United States Computer Emergency Readiness Team (US-CERT): "leads efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation while protecting the constitutional rights of Americans."

Also, check vendor websites for supported operating systems and support lifecycle. For instance, see  Microsoft's Product Lifecycle Search website and also  RedHat's Enterprise Linux Life Cycle

To help you stay on top of many of the numerous security advisories, Twitter is a valuable tool to get the latest advisories for information security updates. 

In conclusion, we hope some of these resources can help you in your quest to improve your knowledge in security and also protect your systems and data. Have fun with all the reading and research, as time permits. Security doesn't always have to be so serious and dreary as the headlines often describe. It is fascinating to learn new technologies every day and the amazing human element of security as well. 

Remember, be secure. It's a zoo out there! 

(This article was originally published on  Securezoo.com)
FrankCrastCo-founder and CEO

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.