MELBOURNE, 27 June 2012 — AVG (AU/NZ) Pty Ltd, distributor of AVG Technologies’ award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific, warns that many small- to medium-size businesses (SMBs) are still easy targets for cybercriminals.
The recent Australian Business Assessment of Computer Use Security (ABACUS) survey from the Australian Institute of Criminology confirms the high proportion of SMBs that are continuing to take unnecessary risks with their business security. For example, less than 1 in 10 SMBs were found to be automatically updating their computers.
As the inexorable drift towards the mass use of mobile technology in the workplace becomes manifest, combined with SMBs failing to employ the most basic protections, small businesses are leaving themselves vulnerable.
Australia’s smaller organisations are embracing technologies that facilitate mobile working, and yet are not fully alert to the additional risks to business security. For example, businesses are readily adopting social networking as a promotional opportunity to engage with customers, but further precautions such as web link scanning are required to protect against associated online threats.
Michael McKinnon, Security Advisor at AVG (AU/NZ), said: “If you are the owner of a small or growing business, chances are you think you are too small for cybercriminals to be interested in you. But you are well advised to think again. With many cybercriminals using automated scanning tools, unless you protect yourself they’ll eventually find you.”
From his perspective, McKinnon knows that SMBs remain focused on traditional IT vulnerabilities like e-mail and web viruses and tend to be more concerned about losing access to files and replacing hardware. But the dangers also lie in security breaches. These are the costlier risk in terms of lost sales and revenue opportunities. According to the AVG SMB Market Landscape Report 2011, the average cost of a security breach is US$6,370. “Without safeguarding against emerging trends such as information theft and social engineering, SMBs are leaving themselves wide open to the cybercriminals,” he said.
AVG (AU/NZ)’s guidance is to treat Internet security the same way as corporate governance and brand protection. McKinnon says: “This is a boardroom issue, not simply a technology debate.
“No company should be operating without stringent online safety precautions in place, particularly when affordable, effective measures are readily available to them. Having full featured, automatically updated, always on anti-virus and Internet security software running across all company computers and employees’ mobile devices is a must for business continuity.”
The trend is for executives and staff to access e-mail and other proprietary data from more than one device. The risks of not securing them properly are very real. If malware on a mobile device is allowed to remain undetected by users, criminals can gain access to confidential corporate data. The cost in terms of time and expense associated with cleaning these up is often substantial. A report by Computer Economics defines the ‘direct’ costs of malware infections as:
- Labour costs involved in analysing, repairing and cleaning infected systems
- Loss of user productivity
- Loss of revenue due to loss or degraded performance of system
- Other costs directly incurred as the result of a malware attack
Just as business owners lock their doors to keep out burglars, the same should apply to the online world. To bring the shutters down on cybercriminals, SMBs should:
1. Keep protection updated for all computers and mobile computing devices – including USB memory sticks, memory cards, portable hard drives, MP3 players, cameras, smartphones and tablets – that are brought in or taken home by staff, contractors, clients and visitors.
2. Ensure backups are occurring automatically and plan for reducing disaster recovery restoration times.
3. Promote strong password management, with passwords that are not easy to guess, are as long as possible, and which preferably include a combination of upper and lowercase letters, numbers and symbols.
4. As a first line of defence in social networking activity, use AVG’s ‘scan before you click’ LinkScanner technology, embedded in its anti-virus and Internet security solutions, to ensure shared links and files are checked and safe.
5. Ensure staff always log out of every application or social networking site, and always use the highest rather than default security settings.
6. Provide staff with written security guidelines to keep them and your business network safe. Don’t assume that all your staff are tech savvy.
7. Enforce this robust internal policy with regular security audits.
8. If you need to provide visitors with Internet access, invest in networking equipment that provides a DMZ “De-Militarised Zone” that will give your visitors restricted access so they can’t infect your systems, install software or log into your files.
References:
Australian Business Assessment of Computer Use Security (ABACUS)
Australian Institute of Criminology
For the series of informative security tips, how-to and fact sheets see: www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see: www.youtube.com/user/avgaunz
Keep in touch with AVG (AU/NZ)
- For breaking news, follow AVG (AU/NZ) on Twitter at twitter.com/avgaunz
- Join our Facebook community at www.facebook.com/avgaunz
- For security trends, analysis, follow the AVG (AU/NZ) blog at resources.avg.com.au