A cyber-crime battle has broken out across business networks
nationwide, and it's not just enterprises in the line of fire. A study
by Verizon Communications released in April found that one-third of all
2008 data breaches came at the expense of businesses with 100 employees
or fewer.
The scale of these breaches might not compare with those at their
enterprise counterparts, but for small businesses, the sting of
malware, botnets and Trojan horses can be just as sharp.
“A small business' attention to customers has to remain paramount,” says John N.
Stewart, vice president and chief security officer at Cisco. “Security aimed at
protecting your customers' information – as well as your own – must be an integral
part of how you operate.”
Even as threats grow more exotic, small business owners can take some basic steps to
reduce the risk of falling victim.
Step 1:
Treat Your Business Like a Business
For many small businesses without dedicated IT personnel, the answer to technological
needs is often a trip to the local retail store for an easily deployed piece of
hardware. This saves on installation hassles, but it can also open up sensitive
information to outside intruders. As a whole, built-in security features on
devices designed for home use don't come close to those made for even the
smallest businesses.
Step 2:
Protect the Perimeter
An effective firewall essentially serves as a virtual barrier between your network
and the outside world.
Even entry-level business-class firewalls provide essential security features such
as packet inspection (to verify every piece of data that passes through them)
and intrusion protection.
Firewalls can also function on a “white-list” basis, allowing nothing but data from approved
domains to enter the network. This is especially important when it comes to the
subset of malware-infected sites and e-mail attempting to pass itself off as
having come from a legitimate organization.
Step 3:
Stay Updated
The people who create malware are both smart and relentless. Should new security
technology effectively block their efforts, they simply adjust their tactics
until they're able to avoid the existing traps.
“If the company whose security measure you're using says there is a new version,
you have to get it, evaluate it, and ideally, deploy it,” says Stewart. “You
absolutely have to keep your security posture current.”
Step 4:
Pay Attention
Botnets – collections of malware-infected machines that a third party can control,
without their owners' knowledge, for nefarious activities such as mass spamming – are
especially dangerous because there's often little tangible evidence they're even present.
The best botnets work in the background, offering slightly slower processor
speed as the primary clue to their activity.
Numerous security companies have placed defense against botnets among their priorities,
making updated anti-virus subscriptions and software patches all the more
vital.
Step 5:
Protect Yourself from the Inside
In January, a study from Purdue's Krannert School of Management quoted 46 percent of the
American companies it surveyed saying that “laid-off employees are the biggest
threat caused by the economic downturn.”
But it isn't just disgruntled employees who may create security breaches; employees
who don't know how to properly protect assets can also pose a risk. That means
businesses must foster a security-aware culture in which protecting data is a
normal and natural part of every employee's job, providing the tools and
education that employees need to keep their businesses secure.
Cisco