What would you do if your network’s defences were breached and your precious user accounts, financial and customer data were pillaged?
Not only would your intellectual property be jeopardised but the chances are that just one such breach could put you on the road to ruin. Overstated? Not really when you consider how much your business now depends on the Net.
A National Cyber Security Alliance and Symantec survey conducted in September of 2012 discovered that 77% of 1,015 small businesses (less than 250 employees) thought they were safe from cyber attacks. In this they were somewhat deluded, as 83% of them had no cybersecurity plan, although their online business operations were increasingly using social media and the Cloud. (see infographic below)
“When it comes to cybersecurity protection, the biggest problem that small and medium-sized business owners often fail to address also happens to be the most critical: Awareness.
A lack of awareness by employees is the root cause of most of data leaks and other security incidents, and no matter how secure your data centre may be or how strongly communications are encrypted, the weakest link will always be the human beings interacting with the network.”
Symantec offered seven tips that companies could and should adopt to make things more difficult for hackers and cyber-criminals:
- Determine what it is that you need to protect. Undertaking a security audit will pinpoint where you information is currently stored and used. You can then beef up your defences as required.
- Enforce strong password policies. If you are serious about data protection then make sure your passwords are at least eight characters in length and contain combinations of letters, numbers and symbols. e.g. read!671DC. And do differentiate your passwords; don’t use the same one for social media and online financial transactions for example.
- Don’t wait for a security disaster to occur. Plan in advance with a comprehensive Preparedness Plan which should:
– provide information on the identification of possible scenarios
– tell you which are your critical resource that need protection
– identify what is the appropriate security that needs to be put in place
– establish the regular routine of archiving of business-critical files using a suitable backup solution
– timetable the frequent testing you need to ensure your disaster response is satisfactory.
- Encrypt highly sensitive information on desktops, laptops, mobiles and removable media to protect your confidential information from unauthorized access.
- Educate your staff by providing training and a develop Internet usage and data security guidelines and policies. These should include clear guidelines for the sharing of information with any of the team that work remotely and details what you are prepare to share with your partners.
Using Wi-Fi connections in public cafes with phone or tablets can be particularly risky so they need to be made aware of the exact name of their network and login steps.
Clearly spell out what staff should do if they discover malware or suspect their data has been accessed by unauthorised third parties. The same applies if they inadvertently leave their laptop or data device on public transport (and yes it does happen!). What course of action should they take? Who in your organisation should they immediately contact?
- Makes sure that the security solution you have chosen is modern and up to date. The pick of the anti-virus crop do more than just look for viruses and spam; they scan files regularly for unusual changes in file size, malware programs and suspicious email attachments.
- Make it daily practice to update your security solution (anti-virus software). The best ones quickly respond to new viruses, worms, Trojan horses and other malware with new updates.
All of the above requires investment in time and also financially, but prudent risk management makes the above a necessity.
The founder of Flippa.com, Matt Mickiewicz, explains to the Washington Post’s J.D. Harrison:
“Everything we do is online, so cybersecurity, and its inherent association with trust, is a high priority. It’s also a core competency of our team, so we tend to do the bulk of it ourselves. We use tools such as risk matrices, plotting likelihood against impact, to determine how much we invest in this space. Our resources are immediately assigned to anything with high likelihood and high impact.”
So Most Expensive is Best?
Buying the most expensive antivirus product around may turn out to be a waste of money. A report, called Assessing the Effectiveness of Anti-Virus Solutions and carried out for he security firm Imperva by the University of Tel Aviv, suggests that poor detection means that free programs offer better value for business.
82 new malware files were tested through the VirusTotal system which checks files against around 40 different antivirus products; the initial detection rate was a big fat zero!
Imperva’s researchers concluded that two free antivirus products, Avast and Emisoft, were the “most optimal” of the ones they reviewed. McAfee also passed muster.
Imperva’s CTO, Amichai Shulman is quoted as saying “We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions.”
One product that looks promising is ZeroVulnerabilityLabs which addresses the security challenge from a different angle. You can try out their free program which they claim stops malware from exploiting a wide range of software vulnerabilities, whether they are known ones or not.
This free utility is part of a layered approach (users still need antivirus and other security mechanisms) to fight against the plague of exploit kits which are infecting thousands of users every day.