SMB Security: Five Bright Ideas

Small businesses have to be crafty to handle security with fewer resources. Here are bright ideas for SMBs.

Adam Hansen is that rare bird in the small to midsize business (SMB) realm: He is a CSO. Hansen heads up security for Sonnenschein, Nath and Rosenthal, an 800-attorney law firm in Chicago.

Granted, Hansen's employer sits on the higher end of the SMB size spectrum, but it is still relatively uncommon for companies with revenues under $500 million to have a person devoted to security. Hansen is rarer yet in that he leads a staff of six security professionals, who handle all aspects of physical and information security for the firm, which has 16 offices. "I've been lucky here," he says. Many companies of comparable size don't have anyone who takes a global view of security.

More great tips for smaller companies

When it comes to information security, most IT people at SMBs tend to be generalists rather than specialists like the ones at Sonnenschein. "They put in a new disk farm yesterday, today they're doing a website, tomorrow they will do something with security," says Darrell Rodenbaugh, senior VP of the midmarket segment for McAfee Security, a security software vendor in Santa Clara, Calif.

McAfee surveys its vast SMB user population frequently to discern their security practices and habits. "Most spend less than an hour a week proactively managing security," says Rodenbaugh. According to the most recent McAfee survey, most SMB respondents did not believe they are a likely target of cybercrime. "They don't think they are well enough known, but nothing could be further from the truth."

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.