Whatever the state of the economy, it's crucial for your company to ask routinely, "Is there a smart alternative that would allow us to spend less in this category?" When it comes to protecting your data and your IT systems in general, this has become a trickier question to answer. Although there is a growing array of IT-security options out there, which ones can you adopt without increasing the risk that your computer network will be compromised?
Some SMEs opt to use the security tools preinstalled on their computers, or the ones bundled by their Internet service providers. Others use free tools to manage the risk of data loss and privacy breaches. But are these wise options? Can you mix strategies? And whom should you trust?
The security software that comes to mind most quickly are the tools sold by industry behemoths Symantec and McAfee. A number of free options also exist, such as AVG and Avast, but they're geared more for home users. So are there any viable options for an SME between shelling out hundreds of dollars for commercial software and using consumer-oriented free counterparts such as the above?
As a matter of fact, there are. One comes from a source that most companies don't readily consider: Microsoft. The Windows Firewall is a good product that includes bidirectional filtering and comes pre-installed with every copy of the operating system. Most companies, small or large, use it to supplement the security provided by other layers of commercial software. An often-forgotten gem is its companion of sorts: the Microsoft Security Essentials (MSE) anti-malware suite, which is available for free download and licensed for business use for up to 10 workstations. MSE will quietly scan your computer while you work and offers discreet protection against the latest IT security threats.
But what if you're a savvy business that prefers to use a toolkit of security tools from a variety of vendors? Perhaps loyalty to one product isn't in your interest or centralized management of a single-source technology spells trouble in your book. In such cases, you may feel that the risk that a vulnerability in one part of the technology will cause a system-wide breach may be higher than if you instead use a diversity of tools and technologies. If so, the good news is that the Comodo Internet Security Suite and the AVG Antivirus Small Business Edition are both free alternatives to commercial software. They're licensed for business and routinely come out on top when independent software testers measure detection and speed of execution.
Given the superior performance of free products such as this, the days of paid anti-virus products may be numbered. Still, security is about more than just viruses and malicious network traffic. It's also about email, voice and instant messaging; file sharing and mobile commerce; collaboration and full disc encryption; USB security; VPN and secure remote-workstation management; and even free security testing and auditing tools. Your SME has the same security needs as large companies do, and your firm's reputation and liability are just as sensitive to breaches and compliance snafus as those of large enterprises.
Home users will continue to get the best deal: free security with practically unlimited selection. But the outlook is almost as rosy for SMEs, with free business licenses for numerous excellent products, such as Skype, TrueCrypt and Comodo Unite VPN.
If you do that, the cost of running a more secure business will go down even as your firm's IT risk level decreases. You can better protect your client data and other assets on your computer network with a few layers of free security than with a single-source suite of commercial security software. This will likely leave you better prepared to handle unexpected attacks and prevent IT breaches that could easily turn into costly and embarrassing incidents.
Claudiu Popa is a security and privacy-risk advisor, and president and CEO of Informatica Corp. He is also co-author of The Canadian Privacy and Data Security Toolkit (Canadian Institute of Chartered Accountants, 2009) and Managing Personal Information (Reuters, 2012).
More columns by Claudiu Popa