In the digital age, SMBs have new opportunities to compete in broader, more varied markets. Since business today is 100 percent plugged in and connected, SMBs are facing a unique set of security challenges. Knowing that these risks aren’t going anywhere, staff members each have a specific role to play in the information security game plan – much like positions on a soccer team.
In a new article on Help Net Security, our Information Security Threat Analyst, Marc Laliberte breaks down how soccer positions parallel information security responsibilities of various SMB staff members and departments:
- Strikers: In an SMB, strikers are your end users; the rank and file of the company working towards their own goals. But sometimes the striker slips and springs a counter attack from the opposition. In an SMB, this could mean opening a malicious attachment in an email, clicking a link to a compromised website online, or installing an application that contains a Trojan.
- Midfielders: In an SMB, the “midfield” is made up of your IT support staff. They should be constantly reviewing your active systems to keep them up-to-date with the latest patches.
- Defenders: The defenders are systems and network administrators in an SMB or the dedicated security administrator in larger organizations. They should focus on designing and implementing a secure network for your organization. These defenders should segregate critical systems from the main network to keep an attacker from reaching that part of the field.
- Goalies: While observing a real soccer match, you might notice how often the goalie calls out to their teammates. This type of communication is important in SMBs too. Reporting is a critical piece of any functional team and employees in any role should be vigilant when it comes to reports from technical controls that may indicate a security issue.
- Managers: A strong team needs strong leadership. SMB team managers, whether they are the head of IT or a C-level executive, need to work with the entire company to identify and stop threats in the same way a soccer team’s manager sets the strategy against an opposing club. For an SMB, these strategies would equate to designing and implementing company policies that govern how technology is used within the organization and how each team member is expected to contribute to information security.
Just as soccer matches aren’t won by a single star player, information security doesn’t rest on the shoulders of a lone SMB employee or department. When it comes to security at SMBs, having everyone on the same team is the best way to minimize risk.
Check out the full article on Help Net Security.