Data breaches are among the worst types of disaster to befall a company, regardless of size. While it might be easy to think that hackers are only attempting to attack the biggest companies, this idea is simply not true. According to a recent webinar by Intronis, 66.7% of all breaches occurred in companies with anywhere from 11 - 100 employees and in 97% of breaches here were controls that could have been used to stop the attack. In addition, but according to research from Symantec these attacks are on the rise - an increase of 300% in 2012, certainly not an insignificant amount. This is why it is so important to prepare to protect your company data from attackers - it really can happen to anyone, and it can be preventable, or at least your company can fight back.
The basics that an SMB should have in place are a firewall for any and all infrastructure, antivirus for client desktops in addition to the server, and a diligence about updating. Some industries may require more at a regulatory level, but this is a good place to start getting prepared to stop attacks. Employee education on how to not allow attackers in is important as well, since all the firewalls in the world won’t stop a virus that gets in via an employee downloading the virus inside the network, after all. Attacks on employees typically originate from phishing attacks and social engineering attacks, which can be more problematic than traditional malware. With malware attacks a backup solution will help to get servers and employees back online - but if data is stolen there simply isn’t a way to put the genie back in the bottle.
To add additional layers of defense, beyond those basics, the first place to start is to educate your team as to how to stop phishing and social engineering attacks from tricking them into giving attackers the keys to the castle. This should be ongoing training, and should also include education about attacks that can happen in the real world as well, such as the BadUSB exploit for USB drives or social engineering attacks that might originate over the phone. There is still the possibility that your team might make a mistake - some phishing attacks are incredibly elaborate, and sometimes social engineering attacks will target extremely obscure pieces of data that people might not even know tie to their work accounts. But this will reduce the opportunity for attack.
Now that the employee team has been educated, working to improve security procedures regarding hardware can proceed. This can be done via penetration testing to attempt to find holes in the network, as well as working with any additional services the firewall might have, aside from simply blocking and allowing traffic. These additional services include features such as application controls, web filtering, and anti-virus subscriptions at the firewall level, and are typically a part of more advanced firewalls known as Next-Generation Firewalls (NGFW).
Another area to consider is attacks in the physical world - the aforementioned USB attack is a non-issue if your infrastructure is based in the cloud or in a colocation space in a security-protected datacenter. This is where social engineering or phishing attacks become the primary way to cause trouble (as they always are). I've linked to a couple of additional articles that I've worked on to help to protect against those cases.
Alejandro
