Sure, it is fun complaining about trying to implement security in small business IT, but there are some real advantages that help offset many of the problems we face.
People are a great example- we get to know them. You don't have to like all of them, but knowing a bit about the personalities in your company can bring some valuable insights. New exploit in the wild? You already know who your "high risk" end users are- you can focus on the people and machines that are the most likely to be exploited because of the nature of their work or their habits. You also know which users will actually listen when you tell them that no one is sending them anonymous eCards, so don't open them- and focus your efforts on the, let's just say "harder to train" end-users.
In small business, we have to do it all. On the other hand, in small business we get to do it all. We handle most projects from end to end and have a better understanding of complete systems because of the added perspective. We also get to know our networks and systems very well. We learn what to expect when lightning strikes or the power goes out. We have a pretty good idea which applications might break on Patch Tuesday and can plan accordingly. If we stop, think and apply this knowledge before we start new projects, we can prevent problems and create a more secure environment.
Small businesses often offer a better quality of work life than big corporations. It is still possible to find loyalty in smaller companies. Small companies are more likely to be flexible with schedules and other intangibles. At my "real job", we have just over one hundred employees; about a quarter have been with the company over eight years and four of us have been here over twenty. That doesn't count the owners or their family. And that's in an industry with an average annual turnover above fifty percent. I don't think you will find many corporations that can put up numbers like that.
Yes, sometimes we have to battle to simply get a password policy, forget having a good one. Sometimes we simply have to cut corners (so do the big guys). But there are real opportunities in small business IT, so use them to your advantage.
Jack
skip to main |
skip to sidebar
Just another security blog.
About Me
- Jack Daniel
- Storyteller, Information Security Curmudgeon, Security BSides Co-Founder, Community Advocate at Tenable Network Security, Co-host at Security Voices podcast.
Contact- jdaniel/at/voodooelectronics/dot/com
Blog Archive
-
▼
2007
(57)
-
▼
July
(13)
- But Jack, isn't that hypocritical?
- Partners and Security, Part 3
- A Convert!
- Mental Health, InfoSec and Playing with Fire
- Partners and Security, Part 2
- BeanSec!
- iEnough iAlready with the iPhone!
- The good things about small business IT
- Time for an introduction
- Are the vendors clueless, or are we?
- Happy Birthday USA
- Security and Business Partners
- Security Anecdote Theater, episode 2
-
▼
July
(13)