Think Information. Think Security.
Small businesses are increasingly the target for cybercriminals. Here, one expert shares tips to ensure you stay protected

News articles are appearing every week reporting that consumers have been targeted by cybercriminals and have lost money or that a large organisation has been temporarily shut down.However, in the background these criminals are often targeting small businesses as they present a lucrative income and are easier to attack than larger organisations with dedicated IT professionals.

The majority of small businesses and Growing Business readers will do their banking and accounts online so by hacking into one machine, criminals can gain access to salary details, other critical passwords and bank accounts which can then be used to access money or sell to the cyber-underground.

These are done through key loggers on computers and by hackers monitoring key strokes. Every time you use the keyboard, hackers are able to analyse your movements and even take screen shots to see where you are going.

Educating employees about cybercrime

Employee education is critical and a lot of the time the most overlooked aspect. The most common cause of infection on company systems is the ignorance of the users who click on things they shouldn’t. Simply opening up pop-ups or bringing in a USB stick with personal files such as music, can be ridden with worms because their home PC is not fully protected and these worms will silently move through the office network. Pop-ups are sometimes authentic warnings or error messages but can also be a hacker posing as a legitimate site and by simply clicking on the link the computer can become infected.

Limiting user access control is a simple step one can take to minimise the chance of attack and there are a couple of ways of achieving this. First, there is the User Access Control that comes with Windows Vista and Windows 7. This basically stops executables that are requesting to do something with elevated privileges from running and asks for an administrator password.

       Putting limits on access
Secondly, just limiting access in general; if your employee is using a computer for one task and one task only, and they don't need access to the Internet, why risk that computer? Give as limited privileges as you think your employee needs to complete the job efficiently.

Sharing files or using peer-to-peer (P2P) type programmes should be blocked as this poses a substantial risk as you’ll never know exactly what is hidden in the files you are receiving. When putting a file in a folder that is shared on a P2P network, it will be shared with all other people connected to that folder and almost anyone can access it. The easiest way to limit this threat is by banning employees from using any file sharing services outside of your network.
Getting anti-malware software

The final step to take when protecting your business is to look at the technology you are using. When using security software, layering is essential. The majority of anti-virus products were designed 10-15 years ago and while still effective, they aren’t specifically designed to stop the latest breed of criminal software.

They were originally designed to run using signatures. However, this is now too slow and the latest malware is moving much faster. Anti-malware systems block malware on behaviour rather than what they look like, which makes it easier to catch newer Trojans. Using anti-malware software alongside your existing anti-virus will greatly enhance protection and reduce the chance of infection.

A good mail spam filter will help prevent scam emails which often use social engineering to trick users. These scam emails can manipulate people into divulging confidential information by posing as a bank or credit card company for verification of personal details. Using a spam filter will help to block these and other types of spam emails. There are both software and hardware options for mail spam filter and this can be installed by the user as either a separate programme or as part of their email programme. Anything that blocks spam before it gets to the employee is ideal.

It is also crucial to frequently backup data, both on-site and off-site. This can be done at the end of the day by backing up your Outlook emails to the server or onto another electronic device such as a USB. Ideally one should use remote locations like cloud servers wherever you can. Cloud servers are now relatively easy to buy online at affordable rates for small businesses so there should be no excuse to not invest.

Updating security software regularly is also imperative to ensure your business is protected against the latest emerging threats. Even unrelated software, such as web browsers, operating systems, Adobe etc need to be kept up to date to ensure there is no attack. Individual users must also remember to update their security software which appears in the tray at the bottom right hand side of the screen. It is easy to ignore these requests but by doing so you open yourself up to attack.

A small business owner has many demands on his/her time and if you are a technophobe, all of the above can seem daunting. However, if you want to stay ahead of the game then you need stay protected. If you can apply the simple steps of educating employees, controlling access in the workplace and using the right software then you will be doing your bit to fight cybercrime.

Cross-posted from: Growing Business

7/13/2012 08:43:51 pm

Thanks for taking the time to discuss this, would you mind updating your blog with more information? It is extremely helpful for me..


Leave a Reply.