In August, Twitter users were warned of a new virus spreading through the social networking Web site. The virus, Koobface, sent individual tweets from infected computers inviting users to click on a video Web link. The link would take the user to a fake Twitter page where they were encouraged to download a Flash update. Users thinking they were downloading a new version of Flash were inadvertently downloading the virus onto their computer. According to Kaspersky Lab, an anti-malware company, viruses can spread 10 times more effectively through social networking sites than via e-mail. Data gathered by ScanSafe, a global provider of Web security, showed that 76% of companies are now blocking social networking sites. The number of companies blocking social networking sites has increased by 20% in the past 6 months.
According to 2009 Storage and Security in SMB Survey, a survey conducted by Symantec, a security, storage and systems management solutions company, most small to mid-sized businesses (SMBs) recognize the need for comprehensive data safety. While businesses understand the importance of avoiding viruses such as Koobface, many do not have the capability to implement proper security. According to the survey, which questioned 1,425 SMBs with 10 to 500 employees, 42% do not have anti-spam protection on their computers and almost half do not back up their desktop computer, leaving their company’s important information at risk. One-third of the companies surveyed admitted they did not have anti-virus protection, considered the most basic of data protections.
“Security involves complexity and things like anti-virus need to be managed,” Jim Herbold, vice president of sales for Box.net, an online file sharing and collaboration company, said. “There might be a certain set of people that have their heads in the clouds, but I think data security is on the long list of things employers need to get done in their small business.”
Herbold acknowledged that in order to enhance their data security, SMBs may be financially obligated to sacrifice another part of their business. In the current economy, businesses have been forced to reprioritize their entire business structure. Data security, for certain small businesses, may not be their number one concern.
“A lot of small to mid-sized businesses may not have dedicated information technology resources,” Herbold told O&P Business News. “So it will be really challenging to do something comprehensive in-house.”
Blake McConnell, Symantec senior director of product management, SMB security solutions agreed.
“A small business is likely much more resource-constrained than their enterprise counterpart,” he said. “The resource constraint could be IT personnel, servers, clients or budget.”
Comprehensive data security may no longer be an option for your small business, but that does not mean your company should remain at risk. Simple security and basic protections may help prevent your business from catastrophic data loss that could doom your company.
“The factors that lead to vulnerability, threats and attacks are surprisingly straightforward and simple,” McConnell said. “Today’s security breaches and attacks target companies with poorly protected infrastructures, poorly protected information, poorly enforced IT policies and/or poor systems management.”
In order to prevent attacks, McConnell suggested understanding the threats and vulnerabilities that are out there and then use tools to mitigate those risks.
“A security blueprint that protects the company’s infrastructure and information, enforces IT policies and manages systems more efficiently can help businesses increase their competitive edge in today’s information-driven world,” McConnell added.
Losing a hard drive to a preventable crash could cause the loss of tremendous amounts of data and will damage your company’s reputation. According to the Symantec survey, the leading cause of loss reported by SMBs was “system breakdown and hardware failure.” The key to preventing a data breach is implementing a software-based data loss prevention system. According to McConnell, the loss prevention system should provide visibility into where confidential data is stored, monitor employee activity on and off the corporate network, prevent confidential data loss and manage all data loss prevention policies and remediate from a single console.
“Protecting information is no longer just about security,” McConnell explained. “It is about ensuring that data is available immediately, even in the event of a massive IT systems failure. Business requirements and security threats demand a blended approach to storage and security.”
The Symantec survey also suggested that employees lack the skills to implement data protection. Forty-one percent of SMBs cited employee’s inability to grasp the necessary data technology as one obstacle in data protection. Herbold and McConnell believe there should be some form of training with employees regarding data security.
“SMB security is only as good as its weakest link,” McConnell said. “SMBs must ensure that staff are educated on data security and the company has policies in place.”
Herbold also mentioned password security and management as an easy way to improve your company’s security.
“Using ‘Temp123’ for everything you have access to online is not a wise strategy,” Herbold said.
“We get a lot of questions about security in the front end of conversations when people are considering hiring us,” Herbold said.
Herbold admits that when it comes to security, you get what you pay for. Saving a few dollars on data security in a down economy may be helpful in the short term, but businesses must be aware that they are risking far more than they are saving in the long term.
According to the Symantec survey, SMBs are looking to improve their security by raising their annual budgets for IT services. Fifty percent of respondents say they plan on increasing their IT security and storage within the next 12 months. The survey pointed out that the median IT budget was $4,500 a year for the SMB.
As technology improves, security threats become even more complex. The economy and budget constraints have made it even more difficult for small businesses to defend against sophisticated threats. Unfortunately, viruses do not care if your company is on a tight budget.
Intricate spyware, spam and phishing threats provide proof for some businesses that implementing a simple anti-virus is not enough protection. According to Symantec, sophisticated threats have the ability to target specific information about your company and at the same time, evade traditional security solutions.
In April, the Conficker worm spread across networks through vulnerable computers. According to Symantec, the worm allowed its creators to install software on infected computers. Conficker would enter your computer and disable many security services, block access to a number of security web sites and allow computers to receive additional malware. It would then try to copy itself in shared folders on networks and USB devices, like memory sticks.
How do you protect yourself from malware that has the ability to morph itself in order to evade virus protections?
Symantec recommends businesses install firewalls that monitor Internet activity, as well as anti-spyware and anti-spamware. Many security solutions companies have all-in-one protection suites that provide sound safeguards against sophisticated threats.
“There are answers out there,” Herbold said. “There are solutions in the online world, especially for the SMB.” — by Anthony Calabro
For more information:
- Cochran, Randy. Business Solutions. anti-virus is not enough. Available at http://bsminfo.com/index. Accessed Sept. 18, 2009.
- Kaspersky Lab. Kaspersky Lab offers free guide to staying safe online in the wake of the latest facebook phishing attack. Available at: http://www.kaspersky.com/news. Accessed. Sept. 14, 2009.
- Secure Computing Magazine. New koobface variant hits twitter users. Available at: http://www.securecomputing.net. Accessed Sept. 14, 2009.
- Scan Safe. Employers crack down on social networking site. http://www.scansafe.com/news. Accessed Sept. 14, 2009
- Symantec Corporation. SMB aware of security risks, but not doing all they can to protect information. Available at http://www.symantec.com/news. Accessed. Sept. 8, 2009.