Small- and medium-sized business (SMB) are often one of the segments most targeted by cybercriminals. Now, SMBs are backed by legislation signed by U.S. President Trump and unanimously supported by Congress.

On Aug. 14, President Trump signed into law the new NIST Small Business Cybersecurity Act. The new policy “requires the Commerce Department’s National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

The legislation was proposed by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho). This new policy is a follow-on effort to the Cybersecurity Enhancement Act of 2014, which was the catalyst for the NIST Cybersecurity Framework.

“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, in an official statement. “With this bill set to become law, small businesses will now have the tools to firm up their cybersecurity infrastructure and fight online attacks.”

Per the NIST Small Business Cybersecurity Act (S. 770), within the next year the acting director of NIST, collaborating with the leaders of appropriate federal agencies, must provide cybersecurity “guidelines, tools, best practices, standards, and methodologies” to SMBs that are:

• Technology-neutral
• Based on international standards to the extent possible
• Able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems
• Consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014
• Deployed in practical applications and proven via real-world use cases

The law follows the structure presented by U.S. Rep. Dan Webster (R-Florida) and passed by the House of Representatives. He originally presented the bill to the U.S. House Science, Space, and Technology Committee in March 2017.

SonicWall President and CEO Bill Conner also was instrumental in helping form the groundwork for U.S. cybersecurity laws. In 2009, Conner worked with U.S. Senator Jay Rockefeller (D-West Virginia) and other security-conscious leaders on the Cybersecurity Act of 2010 (S.773). And while the proposal was not enacted by Congress in March 2010, it served as a critical framework to today’s modern policies. Rockefeller was eventually the sponsor of the aforementioned Cybersecurity Enhancement Act of 2014 (S.1353), which became law in December 2014.

SMBs Highly Targeted by Cybercriminals, Threat Actors

According to a recent SMB study by ESG, 46 percent of SMB decision-makers said security incidents resulted in lost productivity in their small- or medium-sized business. Some 37 percent were affected by disruption of a business process or processes.

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

In fact, in July 2018 alone, the average SonicWall customer faced escalated volumes of ransomware attacks, encrypted threats and new malware variants.

• 2,164 malware attacks (28 percent increase from July 2017)
• 81 ransomware attacks (43 percent increase)
• 143 encrypted threats
• 13 phishing attacks each day
• 1,413 new malware variants discovered by Capture Advanced Threat Protection (ATP) service with RTDMI each day

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

Leverage NIST Policy, Frameworks

While SMBs await guidance from the new NIST Small Business Cybersecurity Act, they can leverage best practices from the NIST Cybersecurity Framework, which helps organizations of all sizes leverage best practices to better safeguard their networks, data and applications from cyberattacks.

At a high level, the framework is broken down into three components — Implementation Tiers, Framework Core and Profiles — that each include additional subcategories and objectives. Use these key NIST resources to familiarize your organization to the framework:

• New to the Framework
• Framework Components
• 14-Step Roadmap
• Online Learning Modules
• Full Document: “Framework for Improving Critical Infrastructure Cybersecurity”
• FAQs

Applying Cybersecurity Designed for SMBs

The NIST framework provides a solid foundation to improve an SMB’s security posture. But the technology behind it is critically important to achieving a safe outcome. SonicWall, for instance, is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

With more than 26 years of defending SMBs from cyberattacks, SonicWall has polished and refined cost-effective, end-to-end cybersecurity solutions. These solutions are tailored specifically for small- and medium-sized businesses and can be further customized to meet the needs of specific security or business objectives. A sound, end-to-end SMB cybersecurity should include:

• Next-generation firewalls (NGFW) with SSL inspection
• Multi-engine cloud sandbox with deep memory inspection
• Endpoint protection (next-generation antivirus)
• Email security
• Secure mobile access
• Wireless network security (Wi-Fi access points)
• Cloud-based management, analytics and reporting

For example, the SonicWall TZ series of NGFWs is the perfect balance of performance, value and security efficacy for SMBs, and delivers access to the SonicWall Capture ATP sandbox services and Real-Time Deep Memory Inspection.^TM This integrated combo protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre, Foreshadow and Meltdown exploits.

For organizations that want to take it a step further, the SonicWall NSa series of firewall appliances were given a ‘Recommended’ rating by NSS Labs in a 2018 group test. SonicWall topped offerings from Barracuda Networks, Check Point, Cisco, Forcepoint, Palo Alto Networks, Sophos and WatchGuard in both security efficacy and total cost of ownership.

Contact SonicWall to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, online threats and even the latest Foreshadow exploits.

SonicWall solutions are available to SMBs through our vast channel of local security solution providers, many of which are SMBs themselves. In fact, many SonicWall SecureFirst Partners even provide security-as-a-service (SECaaS) offerings to ensure it’s easy and cost-effective for SMBs to protect their business from advanced cyberattacks.

Fresh off of April’s massive SonicWall Capture Cloud Platform launch, SonicWall has been featured in a pair of CRN articles highlighting the hottest products at RSA Conference 2018.

The SonicWall Capture Cloud Platform is lauded in CRN’s “10 Hot New Cloud Security Products Announced at RSA 2018” listing. CRN recaps the platform’s ability to integrate security, management, analytics and real-time threat intelligence across SonicWall’s portfolio of network, email, mobile and cloud security products.

Complementing that accolade, a pair of new SonicWall products were listed in the “20 Hot New Security Products Announced at RSA 2018” category. The new SonicWall NSv virtual firewall (slide 7) and SonicWall Capture Client (slide 12) endpoint protection were showcased.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

SonicWall’s Scott Grebe explains automated, real-time breach detection and prevention during RSA Conference 2018

SonicWall Network Security virtual (NSv) firewalls protect all critical components of your private/public cloud environment from resource misuse attacks, cross virtual machine attacks, side channel attacks and common network-based exploits and threats. It captures traffic between virtual machines (VM) and networks for automated breach prevention and establishes access control measures for data confidentiality and ensures VMs safety and integrity.

Don’t try this at home”¦.go with next-gen firewall experts

Cyber attacks are relentless, and increasing in volume, intensity and sophistication. The sophistication of these attacks is beyond your wildest imagining. Do you have the security expertise to guard your business and customer data yourself? Today, more organizations are outsourcing to Security-as-a-Service (SECaaS).

In this two-part blog, I will discuss the top advantages to securing your business with enterprise-class security solutions provided to you as a service. In this first blog, I’ll cover the first four core advantages of SECaaS. In the second, I’ll explore more why this service could work to fit your infrastructure.

Optimally, a Security-as-a-Service provider should enable you to do the following:

1. Outsource your network security to an experienced security provider

Maximize your security position by utilizing certified partners skilled in your next-gen firewalls and associated security technologies. With the right SECaaS solution, you can easily realize the benefits of having an experienced partner overseeing everything for you.

2. Have your SECaaS firewall solution expertly configured by certified engineers

Each business is unique and the firewalls should be built and configurable to fit your needs. Your Security-as-a-Service next-gen firewall solution should block threats on multiple entry points including those from employee laptops, mobile devices and desktops. (Now, even cameras have had malware loaded on them.) You will want custom SECaaS protection for retail, and address the need high-speed wireless network security. For private schools, you will want to protect students and the devices issued to them.

3. The efficiencies of a turn-key solution delivered to your doorstep

You will want your SECaaS solution to have a next-gen firewall, with gateway anti-malware, intrusion prevention and content filtering. All of it should be installed, configured, deployed and managed as one unit. Event data should be available through one reporting system to enable proactive monitor and reporting. Your SECaaS solution should identify threats before your business is impacted.

4. Mobile Mobile Mobile

Allow your employees to access your network while on the road on any device at any time. Your SECaaS should include secure mobile access and VPN for Windows, Apple iOS, Android devices, and enable guest vendors/contractors be able to use the network securely.

Find out how SonicWall Security-as- a-Service (SECaaS) can do it all for you. SonicWall SECaaS provides you with the same level of network security that NASA demands and protects your network from a wide range of emerging threats. Pay month to month for a solution that fits your security needs. SonicWall certified partners are relied upon every day and have gone through rigorous training and education. You will be so happy you did not try this at home.

Note: This is a guest blog post by Reyna Thompson, Vice President, Product Marketing at SYNNEX.

Reyna Thompson is Vice President of Product Marketing at SYNNEX Corporation. She is responsible for the ConvergeSOLV Secure Networking Business at SYNNEX. Mrs. Thompson joined the SYNNEX team in 2002, as Associate Vice President of Solutions Marketing for the Technology Solutions Division. Prior to working for SYNNEX, Reyna worked for Gates/Arrow Distributing, where she held various roles dating back to 1993.

As a Fortune 212 company, SYNNEX has the size and velocity to help you efficiently run your business, and the security savvy skills and expertise to focus and expand your IT security practice. We are proud to be a distributor for the SonicWall solutions portfolio, and we’re excited to be a sponsor at this year’s Peak 16 ““ Govern Every Identity. Inspect Every Packet. Open Your Own Department of Yes. ““ at the Aria Resort and *** in Las Vegas, NV, Aug. 28-31. There are great keynotes planned for this premier channel partner conference. The speakers include, special guest – Coach Herm Edwards ““former NFL head coach and player and ESPN NFL Analyst, Curtis Hutcheson, VP and General Manager of SonicWall and One Identity, Patrick Sweeney, VP of Product Management and Marketing SonicWall and One Identity and Steve Pataky, VP of Worldwide Security Sales. These keynotes will be followed by business and technical breakouts. Our SonicWall Team is delighted to once again meet face-to-face to help you find, manage and close your next network security deal.

We’re also here to help you scale ““ and, ultimately, grow ““ your business. Key to that is ensuring you have both bandwidth and geographical reach when it comes to professional services. In this year’s booth in the expo hall, SYNNEX will be presenting 5 Ways we can help grow your business. Stop by booth 109 in the expo at PEAK16 to learn more about:

• How to get FREE vulnerability assessments for use with your customers
• Seven benefits of joining SYNNEX’s free Security Partner Community
• How to increase your quoting speed with one-hour turn-around times from SYNNEX
• How to stand-up your own managed service practice with SYNNEX’s Firewall-as-a-Service offering
• How to save your time and resources while still earning double digit margins with our nationwide installation services

Don’t wait to register for PEAK16. For more information on how SYNNEX can grow your business, contact us today at sonicwall@synnex.com. Follow the conference hashtag #YESPeak16, @SYNNEX and @SonicWall on Twitter to follow the conversation.

It’s August 5, 2016 and you settle down at your computer to watch the Olympic opening ceremony. You have no fear of catching Zika, unlike the thousands of people in Rio. Feeling safe, you navigate to the official broadcast site of the games and click on Watch the Olympics live.

But wait, there’s fine print: Simply Sign-In Using Your TV Provider Account Login/Password And You’ll Have Access To FREE, LIVE Rio Olympics Coverage. Not cool. “Who pays for TV?” you ask yourself. “Haven’t they heard of streaming?” So you search on “Olympics live streaming free” and there, on the first page of results is:

The site doesn’t look official, but hey, the media player icon looks like YouTube, which you know is safe, so you click Play. The site asks you to download and install a video codec. The ceremony starts in five minutes and the screen screams “Stream in HD now!” You’re one step away from the Free Live Stream, so you click Accept”¦within microseconds, your computer is infected with a virus. Perhaps the video will start, perhaps it won’t, but in either case, the malware now on your computer will give you greater problems than missing the opening ceremonies.

How can you protect yourself from such a scenario? Here are some precautions you can take:

1. Don’t go there. If a website is not an official site, chances are that it does not have the right to stream protected content. And if it does not have rights to stream, then the content is just bait for unsuspecting visitors like you.
2. Don’t click that. So you ended up on the site anyhow. If it asks you to click a link or icon, tempts you with ads for free stuff, wants to do a download, or wants to install something, the only thing you should click is Close, as in close the browser.
3. Update, update, update. Whether you are using a PC or a mobile device, update your operating system with the latest hotfixes. Update your browser to the latest level. Update your anti-virus software with the latest signatures. Configure your applications to do all these things automatically.
4. Control and protect your network with a next-generation firewall. A next-generation firewall includes up-to-date security services that blocks websites of ill-repute, prevents malicious downloads, and kills the latest viruses. It even denies intrusions and attack attempts, snuffs out botnet traffic patterns, and recognizes which countries have the riskiest and most suspect Internet activities. You can’t get this level of security simply by following the first three precautions.

To learn more about the bad things that can infect you on the Internet and the ways that you can inoculate yourself, read our ebook – How ransomware can hold your business hostage.

Learn More