September 15, 2009 - Many Small-to-Medium sized Businesses (SMBs) are struggling to implement an effective security strategy due to budget constraints and a lack of dedicated, skilled IT staff, which is leaving them vulnerable to malicious network attacks that could cripple their ability to do business.

IP-based security and unified threat management (UTM) specialist, Clavister is urging SMBs to look at security as an ongoing process based on good practices, good advice and the implementation of comprehensive, scalable security solutions. Implementing effective IT and network security is a challenge for businesses of any size, however the biggest challenge for SMBs is the complexity of security and the speed at which threats change.

"It is essential that SMBs get it right," explains John Vestberg, chief technical officer, Clavister. "It is a misconception that larger organizations are more at risk than SMBs. Actually, larger organizations usually have sophisticated security solutions in place so SMBs are often considered as the more vulnerable targets and can be the victim of a wider attack on a large company. At Clavister, we see security as intrinsic to the well being of a company network and no matter the size of the company; the need for security remains the same."

Clavister advises that for SMBs to identify threats and effectively combat them, they need to adopt a logical approach that first assesses the risks then audits current infrastructures before going on to put in place best practices supported by appropriate security solutions. The SMB IT administrator needs to ask the following questions:

1. What systems or resources do I need to protect?
2. What is the commercial or business value of those resources?
3. What are the possible threats that those resources face?
4. What is the likelihood of those threats being realised?
5. What would be the impact of those threats on the network?

"Assessing risk is the first step towards improving network security for the SMB," says Vestberg. "Whether it is related specifically to network security and the Internet or to any other aspect of the business, an effective risk assessment must document potential threats, establish an organization's vulnerability to those threats then evaluate the cost or damage they could cause. This must then be compared with the cost of implementing protection and asking is the investment worth it."

Clavister also advises that for SMBs to keep pace with the ever-changing threats to network security, once the investment in security has been made, they need to see it as an ongoing maintenance cost, not just a one off investment.

For more information on implementing an effective security strategy for SMBs, Clavister has developed a whitepaper on this subject. To download a copy, please visit http://www.clavister.com/