By Robert Gorby
Corporate security is serious business, but what about small businesses? How do owners know if they're unconsciously leaving the backdoor open to cybercriminals? Monitoring for new and emerging threats is a daunting task, particularly when the small business owner wears a second hat -- IT manager. Cyberattacks come through a variety of channels. There are five backdoor entrances every small business should guard against.
Door #1: Social networks and community bad spirits. Most social networking activity is concerned with community spirit and sharing of a wide range of data including documents, music, video and links. The biggest problem here is trust. People trust people that they know, or that they think they know. This means that users are more likely to click an infected link if it comes from a trusted colleague or friend. Beef up your security policy. Only 23 percent of companies have any security policies in place that specifically addresses social media. Offer staff some guidelines to keep them and your company network safe.
Door #2: Instant messaging and spam chat. Viruses and other malware can be hidden in files sent via instant messaging. Introduce policies that educate and control the use of IM. One important step is to ensure that users' emails cannot be easily identified by their IM username; some IM services link your screen name to your email address when you register. Having your email address so readily available is likely to increase spam and phishing attacks.
Door #3: Insider threats right under your nose. While companies might rightly be concerned about outsiders breaking into their networks, employees pose a similar or even greater threat. Staff are in fact responsible for introducing the majority of malware onto company networks. You may want to consider running additional background checks on IT staff in responsible positions before hiring them. The best advice is relatively basic: trust your gut feeling, educate staff on keeping their data and network safe and enforce a robust internal security policy combined with a security audit.
Door #4: Loose remote control. While preventing staff from leaking malware into a business has its challenges, staff that are allowed to access the company network remotely are even harder to control. Employees who use their own machines for work increases the risk that malware may get inside the company network. An obvious way to close this security hole is to prevent staff from using their own machines.
There are other ways around this such as using virtualization technology to create a virtual safe-zone within your hardware, like an embassy in a foreign country. However, it is arguably simpler and more effective to establish a strong set of security controls that ensure all staff only use company hardware with antivirus controls and subject to updates and audit procedures.
Door #5: USB sticks and smartphones. USB sticks are particularly good at spreading malware. They appear innocuous compared to a laptop or smartphone but can hold several gigabytes of code, some of which may be malicious. Allowing employees an unchecked option to insert these devices into company computers is an unnecessary risk. Removable devices can be automatically checked using security software or users can choose to run a manual scan before accessing any of the files on the stick. Business owners should also create policies to keep personal and business drives separate on any machine.
Email-equipped smart phones poise similar risks to company networks as desktop computers. Smartphones can spread malware onto other susceptible devices on the network, and hackers have been known to use text messages to guide unsuspecting users onto websites containing infected code.
Robert Gorby is global head of Small Business Propositions for security vendor AVG.
Copyright Betanews, Inc. 2010