AVG (AU/NZ) Highlights the Dangers and Suggests Some Solutions
Melbourne and Amsterdam, 22 February 2011 — Small to medium-sized businesses are increasingly becoming targets for cyber criminals. Shutting the door on cyber criminals is not enough — companies need to embrace and adopt a concrete lock-down process that constantly monitors for new and emerging threats from a variety of channels.
Lloyd Borrett, Security Evangelist for AVG (AU/NZ) Pty Ltd, says, “The journey toward success for any small business owner is usually a long one. By merely embarking on it, you open yourself up to attacks that fly in from all quarters. At least when it comes to competitors, you can be on the lookout. But what about cyber criminals? Do you know what’s out there? Do you know how they can come at you? Will you be prepared when they do?
“Cyber criminals will turn your most valuable assets against you. That same Internet connection you use to make financial transactions can let in a Trojan horse. The iPhone and Android smart phones your workers use to communicate with each other could be used to gain access to sensitive company documents. The social media channels you use to engage customers can be hijacked and used to harm your reputation. How can you arm yourself with the digital tools you and your workforce need to succeed without those very same tools being used against you?
“Too many small business owners are letting their guard down. The very people we hire to help us succeed are very often the people that can cripple a network and bring down a business — all because they didn’t know how to exercise proper caution in their use of the Web and mobile.
“In line with our bid to help small to medium-sized businesses, we’ve highlighted five doorways through which cyber criminals can access company data.”
Door #1 – Social Networks and Community Bad Spirits
Danger: TRUST. Most social networking activity revolves around community spirit and sharing a wide range of data including documents, music, video and links. People trust people they know. Users are more likely to click an infected link if it comes from a trusted colleague or friend.
Solution: There are two ways to help protect against this. Firstly, using AVG’s free ‘scan before you click’ LinkScanner technology will ensure shared links and files are checked and safe. Secondly, beef up your security policy. Forty percent of companies allow access to social networking technology, but only 23 percent of businesses say they have any appropriate security policies in place. Offer staff some guidelines to keep them and your business network safe.
Door #2 – Instant Messaging and Spam Chat
Danger: Viruses and other malware can be hidden in files sent via Instant Messaging (IM), so introduce some policies to educate and control the use of IM. Some IM services link your screen name to your email address when you register. Having your email address so readily available can result in an increased number of spam and phishing attacks.
Solution: Don’t use an email address that can be easily identified by your IM username.
Door #3 – Insider Threats: Right Under Your Nose
Danger: Although businesses might rightly be more concerned about shadowy cyber criminal outsiders, the reality is that employees are responsible for introducing the majority of malware onto company networks and thus pose a similar or even greater threat.
Solution: Background checks on potential employees — especially IT and technical staff — are essential, and high-risk businesses should consider using advanced tools to conduct criminal history and social security searches to ensure their employees are totally trustworthy. The best advice is relatively basic — trust your gut feel, educate staff on keeping their data and network safe and enforce a robust internal security policy combined with a security audit.
Door #4 – Don’t Lose Remote Control
Danger: While preventing staff from leaking malware into a business has its challenges, staff who are allowed to access the company network remotely are even harder to control. Allowing staff to use their own smartphones, tablets, and PCs for work increases the risk that malware may get inside the company network.
Solution: An obvious way to close this security hole is to prevent staff from using their own machines. Businesses could use virtualisation technology to create a virtual safe-zone within your hardware — like an embassy does in a foreign country. Whatever your approach, it is essential to establish a strong set of security controls that ensure all staff only use hardware with appropriate Internet security software in place, with automatic updates working and subject to regular audit procedures.
Door #5 – USB Sticks and Smartphones
Danger: Plug-in memory USB sticks and portable drives are particularly good at spreading malware. They appear innocuous compared to a laptop or smartphone but can hold several gigabytes of code — some of which may be malicious. Allowing employees an unchecked option to insert these into company computers is an unnecessary risk. Email-equipped smartphones pose similar risks to company networks as desktop computers. Smartphones can help spread malware onto other susceptible devices on the network and hackers have been known to use text messages to guide unsuspecting users onto web sites containing infected code.
Solution: Removable devices can be automatically checked using AVG’s business security software, or users can choose to run a manual scan before accessing any of the files on the stick. Business owners should also create policies to keep personal and business drives separate on any machine.
Borrett says, “These five doors need to be slammed shut to prevent small to medium-sized businesses from becoming the latest victims of cyber crime. Make no mistake, these businesses are a target, and the threats are many.
“The good news is that the AVG Small Business Security Guide provides some simple but effective steps you can take to secure your business. Plus AVG’s Business Resource Centre has a library of guides and tools that can help you protect your business from identity theft, data breaches, online banking break-ins and other computer crimes.”
AVG (AU/NZ) also has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see http://www.youtube.com/user/avgaunz.
Keep in touch with AVG
For breaking news, follow AVG (AU/NZ) on Twitter at www.twitter.com/avgau