SMBs have some traits that haven’t changed much in the past decade. They typically don’t have a dedicated IT staff, and when they get their computer systems working the way they want them to, they are reluctant to make any changes — even simple, yet critical, updates to software.
Michael Wong, a systems engineer with F-Secure, says when his company runs a scan for a new customer, it’s not uncommon to find 60 or 70 missing patches. “They usually aren’t aware they are so vulnerable,” he says.
Cybercriminals are aware, however. Sean Sullivan, security advisor at F-Secure Labs, says SMBs are a target: with less security in place than larger enterprises and with bank accounts that have more money in them than in individuals’ personal accounts, criminals find SMBs worth their while. In addition, SMBs need to defend attacks from an increasingly formidable enemy. Cyberattacks have evolved from email worms and trojans to organized attacks originating in numerous countries, targeting various markets, and implementing strategic plans to steal data to sell or to hold for ransom. “It’s not widely known how commoditized it is,” Sullivan comments.
Wong says Cryptolocker, ransomware that criminals began using last year, has been driving a lot of business — and another driver is a growing awareness of the need for tougher security. He has noticed that over the past few years, VARs are more educated and savvy when it comes to security offerings. And educated VARs can capitalize by educating their customers.
For example, Sullivan says SMBs often overlook updates to third-party software on their computers, and cybercriminals can use those missing defenses to exploit servers and access data. Sullivan comments that neglecting updates to Java were a large vulnerability in 2013. By educating their customers on the importance of updates — and even handling updates for them — VARs can ensure their customers are shoring up those weaknesses — and finding new recurring revenue streams for themselves.
Discussions about security can also help cement your role as a trusted advisor. Sullivan says, for example, if your customer’s employee who handles financial records also uses the same computer for social media activities, you might suggest a dedicated machine for finances. He also says to stay abreast of the news on the topic to discuss current threats and their concerns with your clients.
Helping your clients make good decisions about backup will also be valuable. Sullivan points out, “A lot of SMBs are backing up on media that is not secure. It’s not a matter of if it fails. It’s when.”
Wong suggests discussing your clients’ current methods of backing up data — and pointing if those methods have limitations. He says resellers are aware of SMBs’ concerns about storing their data in the cloud, but also sees trust in the cloud among SMBs is growing — and with data stored in the cloud, “If you lose it, you can get it back.”
Wong spoke to attendees at Channel Transitions West on April 29 in Santa Ana, CA, the first of the 2014 Channel Transitions VAR/MSP Executive Conferences, powered by Business Solutions magazine (BSM). During F-Secure’s breakout session at the event, he pointed out that offering security isn’t limited only to VARs working in a particular vertical or with a particular technology. For example, he referred to an F-Secure case study that illustrates how a solutions provider helped protect an automobile dealership. It’s something anyone can — and should — consider.