We're all very busy, so taken up with the urgencies of the day that important announcements that could directly impact our future go unseen. And only later, after the damage is done, does the critical nature of the information become apparent.
This is the dilemma faced by today's small businesses rushing to reap the benefits of the Internet and e-commerce. But those benefits come side by side with real security threats, and ignoring those security threats is a mistake. What you don't see can hurt you.
Finding security resources to alert -- not overwhelm -- you
You're reading a column written by a guy who receives so much security-related email that 200 messages is a slow day. But I've figured out a system to identify the critical items right away and then I leave the rest for review when time permits. Over time I've culled the influx down to a core group of resources for quick review with follow-ups to other links as needed.
With a few easy steps and some care, you too can get the information you need, in a form you appreciate, and at a time that's convenient. Try the following:
- Review major security-related sites (see "hot picks" listed below) and identify security alert items important to your firm. You will find a mixture of formats on these sites, and some will offer more appropriate notifications than others.
- On the sites you review, check for security newsletters and determine their focus. You will need to know your firm's basic hardware, network, software and security infrastructure to gauge the appropriateness of a newsletter.
- Review the first couple of newsletters to see if they meet your needs. Unsubscribe immediately if they don't. And don't be tempted to keep the subscription in case you might miss something; you'll quickly become overwhelmed.
- For sites that offer security alerts that meet your needs, bookmark the URL and be sure to check the site daily. After a couple of weeks, delete any bookmarked sites that essentially duplicate others that do a better job. Don't let the number of bookmarks expand!
- Two weeks' experience with your bookmarked security sites and "best bet" newsletters will be enough for you to cull the very best sites and newsletters (you should be able to drop down to a couple of useful dailies).
- Check your security resources each morning. Be sure to take action on warnings that could impact your firm (e.g., viruses, emailed hostile code, new security patches). At minimum, send a brief high-priority email alerting employees about the danger. If need be, call an alert meeting to talk with staff directly (too many don't have or take time to review their email).
Hot pick security information sites
There are lots of sites touting the latest security news and alerts. The current trend is to list all security-related news, regardless of the source, which results in many essentially duplicate sites. Unfortunately, the field is still too immature for any site to cover small business security news exclusively. Check out the following sites for a head start toward your list of hot picks. Again, watch out for "candyland": too many goodies and not enough time to digest them!
ZDNet's Security Resource Center: A security mega-site with newsletters and whitepapers.
eSecurityOnline: A security mega-site with newsletter, news by category, and an online vulnerability subscription service that can be tailored to your technology environment.
SecurityPortal: Offers a virus research center and weekly newsletter.
Security Focus: Includes a security basics mailing list to help you become more informed and up-to-date. Includes news, how-to's, virus alerts, and incident notification.
Bigtarget: A security meta-search engine that can make your day by finding the specific security alert resources you need.
Careful for the spin, regardless what site you're in
The five sites I've listed are your best bet for small business security information. Their format is reasonably straightforward and most of the information is in plain English. Notice that I've refrained from listing vendor sites, even though they may offer similar information or services. Information bias -- call it disinformation, misinformation, or spin -- is alive and well in the security market. Even news sites can have preferences, dependent on a variety of relationship factors.
By checking out multiple security information resources, you'll find the ones that match your preferences and needs. Good hunting!
Dr. Goslar is principal analyst and founder of E-PHD, LLC -- a security industry research and analysis firm. He is also on the editorial board of the International Journal of Electronic Commerce and can be reached at Comments@E-PHD.COM.