In an insightful interview with CanadianSME Small Business Magazine, Alan DeKok, CEO of InkBridge Networks and a global authority on networking and system security, shares his expert guidance on safeguarding small businesses from today’s digital threats. Alan, the visionary behind the FreeRADIUS project, brings decades of experience in network security, emphasizing the importance of outsourcing and leveraging trusted providers for small business security needs. From handling remote work vulnerabilities to practical advice on managing cybersecurity risks, Alan highlights the essential steps SMEs should take to build a resilient security foundation without diverting focus from their core operations. His insights provide a roadmap for small business owners to navigate the complexities of modern network security, keeping their data safe and their business thriving.
Alan DeKok is a world expert on networking, authentication, and system security. He created the FreeRADIUS open-source project in 1999 and led that product to a dominant market position while also developing a successful business focused on designing and building RADIUS-based solutions.
As CEO of InkBridge Networks, Alan expanded the company’s focus to other networking authentication products and systems. His current areas of expertise include network architecture, security analysis and threat mitigation, AAA frameworks, wireless networking, and high-performance server design and implementation.
Alan is a frequent speaker at conferences and provides expert witness testimony and patent consultation services. As one of the world’s top authorities on the RADIUS protocol, Alan has authored many of the standards that govern network interactions.
Network security today includes remote work, cloud services, and mobile devices. How can small businesses handle the complexity of securing their networks across all these areas?
One word: Outsourcing. Small business do not have the resources or experience to properly secure the supercomputers in everyone’s pocket. When Fortune 500 companies are getting attacked despite spending huge amounts on security, it is hard for small businesses to stay safe. The best approach is to use the big providers for email, web, etc. Then make sure that all devices are from reputable providers, and are up to date. No buying cheap phones off of the net!
Cyber threats like data breaches and ransomware are becoming more common for businesses of all sizes. What do you see as the top security risks facing SMEs, and how can they prepare?
The biggest risk is people! Managers not setting correct security policies, or employees not following them.
With network security often seen as a specialized field, what practical advice would you offer to small business owners for assessing and addressing their own security needs?
Trust the big providers for cloud email / web / etc. Don’t think that you’re smarter than them, and can do security better. Then, make sure you have good backups. A 1TB USB disk is about $100. Buy two, and copy all of your sensitive data to each one. Then, keep them in different locations, in a safe (locked) place.
Your recent work on addressing the BlastRADIUS vulnerability was crucial for the security community. Could you tell us about the significance of this issue and how SMEs can protect themselves?
The significance was largely for ISPs and telephone companies. Many of them were vulnerable, and had to upgrade critical systems on an emergency basis. For SMEs, most people don’t use RADIUS. This doesn’t make them safe, though. It means that their networks are essentially open, and are at risk from intruders!
The solution for SMEs is simply to not put anything critical on the local network. Treat it as untrusted, and put all of your sensitive data into a trusted cloud provider.
Looking ahead, what are your key recommendations for SMEs to stay resilient against evolving network threats?
I’ll have to say again: outsourcing. SMEs time is best spent running their business, and growing their customer base. When you spend time “rolling your own” security, it’s time taken away from growing your core business. Any security system you come up with is going to be worse than whatever the big providers can offer.
In short, keep your local systems up to date. Use the OS supplied firewalls and virus scanners. Those are the main actions which will keep the basic threats at bay. The days of small businesses running their own email servers or hosting their own websites are over – it’s just too risky. Even if you have technical staff, their time is better spent supporting your core business operations than trying to outsmart sophisticated attackers.
Remember: security isn’t about being perfectly secure – it’s about managing risk efficiently. The big providers have already solved these problems at scale. Use their solutions, follow their security recommendations, and focus your energy on what makes your business unique. That’s how you stay competitive while staying secure.