The internet security threats that a business faces are not only numerous and varied, but they are evolving all the time. The authors of the malware (malicious software) that infects computers are continually innovating to get around the security measures that are designed to block them.
For example, over the past couple of years there has been a huge increase in attempts to breach firewalls and virus protection via social media and mobile devices, with the perpetrators recognising that these may be weak points in a company’s otherwise well-guarded perimeter.
No room for complacency
Many smaller businesses appear to underestimate the threat but the danger is very real, with attacks occurring every day. In fact, certain security threats – such as cyber espionage – specifically target smaller businesses, as they are seen as a less well-protected route to the larger businesses further up the supply chain.
Security solution vendor Symantec warns that attacks on smaller businesses are generally on the up. Those with fewer than 2,500 employees accounted for around 50 per cent of all attacks in 2012. Symantec’s Internet Security Threat Report 2013 reveals that businesses with fewer than 250 employees are in fact the fastest growth area for attacks.
Food for thought
One of the most common cyber security threats is phishing. This is the practice of sending fraudulent emails claiming to come from a legitimate source. The emails encourage recipients to surrender confidential personal information that can then be used to defraud them or their employer. Most people who own or use a computer will have experienced a phishing attempt and will be constantly exposed to the threat. Those working from a business email address need to be especially vigilant – a careless employee could accidentally divulge a lot more than personal details.
Phishing comes in many ingenious forms. For example, a counterfeit Facebook login page could delude an unwary social media user for long enough to allow the phisher to gain useful information. Your company email server should be set to filter out this sort of attack but you should still advise employees to be wary about unusual email requests, and to report anything that appears suspicious. If one of your employees downloads a virus onto your network, the results could be catastrophic, temporarily causing networks to shut down.
A range of antivirus solutions exists – some more effective than others – but as with all computer and internet security, the more precautions you apply, the more likely you are to negatively affect the performance of other tasks. As such, it can be more effective to train employees to recognise what a virus-bearing email might look like, and to warn them against accessing unknown webpages.
Bringing down the business
If phishing and viruses are about tricking unwary individuals, denial of service attacks (DoS) are an attempt to take down a whole business, at least temporarily. Any business that relies on the internet to trade – and these days that is a large proportion of businesses – is potentially vulnerable. Valuable trading time will be lost and reputations can be seriously damaged when a business goes offline without warning. There are a huge number of ways that a DoS attack can happen, and a range of precautions is therefore needed.
Your network firewall can be set up to spot simple attacks when they are beginning, allowing them to be stopped before a company website is taken offline. Intrusion prevention systems (IPS) and DoS defence systems are used by many larger organisations to protect their networks. However, as with a lot of security hardware and software, it costs money to stay safe – money that smaller businesses may not have. As with phishing, vigilant employees can be as effective as any digital warning system when it comes to spotting potential DoS attacks. For example, there might be a huge surge in emails from a particular source that is designed to overload and crash a server.
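The email surge described above can also be spotted automatically from a mail server's receive log. The following is an added example, not part of the original article: the log line format, the host names, the 30-second window and the threshold of 20 messages are all assumptions, and the log itself is constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HOSTS = ("mail.partner.example", "mx.supplier.example", "smtp.client.example")

def build_sample_log(with_surge=True):
    """Constructed sample log lines ('<ISO time> from=<host>'), not real data."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    # Ordinary traffic: each known host sends one message a minute.
    for minute in range(10):
        for host in HOSTS:
            lines.append(f"{(base + timedelta(minutes=minute)).isoformat()} from={host}")
    if with_surge:
        # Surge: a single host sends 40 messages, one per second, from 09:05:00.
        start = base + timedelta(minutes=5)
        for second in range(40):
            lines.append(f"{(start + timedelta(seconds=second)).isoformat()} from=bulk.unknown.example")
    return lines

def parse(line):
    """Split one log line into (timestamp, sending host)."""
    stamp, field = line.split(" ", 1)
    return datetime.fromisoformat(stamp), field.split("=", 1)[1]

def find_surges(lines, window=timedelta(seconds=30), threshold=20):
    """Return {host: time it first exceeded `threshold` messages within `window`}."""
    recent = defaultdict(deque)   # host -> arrival times still inside the window
    alerts = {}
    for ts, host in sorted(parse(line) for line in lines):
        arrivals = recent[host]
        arrivals.append(ts)
        while ts - arrivals[0] > window:   # forget arrivals older than the window
            arrivals.popleft()
        if len(arrivals) > threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in find_surges(build_sample_log()).items():
        print(f"ALERT {when.isoformat()} surge from {host}")
```

The window and threshold need tuning against a business's normal mail volume, otherwise a legitimate newsletter or mailing list will trigger the alert.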
Put it in writing
A good security policy is affordable for any organisation, and this is the most effective way to ensure human error is not to blame for security breaches. A security policy is a document that outlines the rules for employees when it comes to use of networks, use of removable media such as USB sticks, use of email, use of external internet sites and other well-known areas of security weakness, such as the use of employees’ own devices on company networks.
A good policy should go a long way towards keeping malicious outsiders in their place and also towards controlling or deterring weak links within your organisation. Writing a policy can be a daunting task but there are some excellent downloadable templates available from bodies like the National Institute for Standards and Technology.