By Mike Cote
Mike Cote is vice president at Dell Secureworks.
Mike Cote is vice president at Dell Secureworks.
Mike Cote With the diversity of security attacks globally, it is becoming increasingly difficult and complex for small and medium-sized businesses to assemble the right in-house resources to protect themselves against the cyber threats they face, whether it’s a data breach through the network, data leakage by employees, or lost laptops or mobile devices. We have also seen an uptick in the number of court cases, where SMBs have had six-figure amounts stolen out of their bank account by cyber thieves. The liability for these breaches is being shifted to the CIOs and IT managers, as SMBs are being accused of not taking the appropriate precautions to protect their data. The need for comprehensive information security is more pressing now than ever before.
According to estimates, cybercrooks are stealing as much as $1 billion a year from SMBs in the U.S. and Europe. One startling example of the effects of increased security liability for SMBs lies with a small, family-owned construction company in Maine, PATCO Construction. PATCO was victim to a cybercrime that cost the company half a million dollars in 2009. While the bank was able to recover about $150,000, the construction company sued the bank for the remaining $350,000. In May 2011, the court ruled in favor of the bank, claiming that the bank followed Federal Financial Institutions Examination Council guidelines set in 2005 for multi-factor authentication for online banking, leaving PATCO unable to recover the hundreds of thousands of dollars lost.
A single financial attack could put a smaller company out of business or irrevocably cut into annual profits for a medium-sized business. The implications of a financial breach can be a matter of life or death for SMBs.
Ensuring that organizations not only have the right network security solutions in place but have implemented comprehensive endpoint security is important to defending against the current and emerging cyber threats. This is especially relevant as we have seen hackers move from attacking the network to attacking the PC. Organizations should reevaluate their current security precautions on a regular basis and make sure these measures are communicated company-wide.
Here are 8 simple steps to help protect financial data and minimize risk:
1. Use a dedicated computer for financial matters such as online banking and bill pay. That computer should not be used for extraneous activities such as sending and receiving emails or surfing the Web. Web exploits and malicious email are two key infection vectors for malware.
2. Avoid clicking on links or attachments within emails from untrusted sources. Even if you recognize the sender, if an attachment is unexpected or looks suspicious, you should confirm that the sender has sent the specific email before clicking on any links or attachments.
3. Reconcile your banking statements on a regular basis with online banking and/or credit-card activity to immediately identify abnormal transactions that may indicate account takeover.
4. Advise your employees against visiting small, hosted websites that feature community forums for hobbies involving sports, computer games, etc. These small community forums are often hosted by Internet Service Providers which are not diligent about securing their hosted websites.
5. If you are visiting a website and are not sure if it has been secured from viruses, observe the quality of the site. Watch out if the site appears to be quickly put together and is not sophisticated or has a disclaimer that warns browse at your own risk and indicates the authors are not liable for any information you might see on the site
6. Make sure you have your security protections in place throughout the organization and install regular updates for your applications and for your computer’s operating system.
7. Be cautious about installing software (especially software that is too good to be true – e.g. download accelerators, spyware removal tools, etc.), and be cautious of pop-ups from websites asking users to download/execute/or run otherwise privileged operations. Often this free software and these pop-ups have malware embedded.
8. Do your homework before selecting an anti-virus vendor, ensuring that they not only provide coverage for the key threats but also respond quickly with protections when new ones are introduced. Invest in an anti-virus product instead of using “trial versions” as your source of protection.Trial versions of anti-virus products are good for testing products but they do not receive updates, so any new virus that is introduced after the trial version was released will have total access to your PC.
The bottom line: It’s much more expensive to deal with the consequences of a financial breach than it is to prevent one. Don’t wait until the last minute to find out just how essential it is and start putting your security precautions into place before it’s too late.
A single financial attack could put a smaller company out of business or irrevocably cut into annual profits for a medium-sized business. The implications of a financial breach can be a matter of life or death for SMBs.
Ensuring that organizations not only have the right network security solutions in place but have implemented comprehensive endpoint security is important to defending against the current and emerging cyber threats. This is especially relevant as we have seen hackers move from attacking the network to attacking the PC. Organizations should reevaluate their current security precautions on a regular basis and make sure these measures are communicated company-wide.
Here are 8 simple steps to help protect financial data and minimize risk:
1. Use a dedicated computer for financial matters such as online banking and bill pay. That computer should not be used for extraneous activities such as sending and receiving emails or surfing the Web. Web exploits and malicious email are two key infection vectors for malware.
2. Avoid clicking on links or attachments within emails from untrusted sources. Even if you recognize the sender, if an attachment is unexpected or looks suspicious, you should confirm that the sender has sent the specific email before clicking on any links or attachments.
3. Reconcile your banking statements on a regular basis with online banking and/or credit-card activity to immediately identify abnormal transactions that may indicate account takeover.
4. Advise your employees against visiting small, hosted websites that feature community forums for hobbies involving sports, computer games, etc. These small community forums are often hosted by Internet Service Providers which are not diligent about securing their hosted websites.
5. If you are visiting a website and are not sure if it has been secured from viruses, observe the quality of the site. Watch out if the site appears to be quickly put together and is not sophisticated or has a disclaimer that warns browse at your own risk and indicates the authors are not liable for any information you might see on the site
6. Make sure you have your security protections in place throughout the organization and install regular updates for your applications and for your computer’s operating system.
7. Be cautious about installing software (especially software that is too good to be true – e.g. download accelerators, spyware removal tools, etc.), and be cautious of pop-ups from websites asking users to download/execute/or run otherwise privileged operations. Often this free software and these pop-ups have malware embedded.
8. Do your homework before selecting an anti-virus vendor, ensuring that they not only provide coverage for the key threats but also respond quickly with protections when new ones are introduced. Invest in an anti-virus product instead of using “trial versions” as your source of protection.Trial versions of anti-virus products are good for testing products but they do not receive updates, so any new virus that is introduced after the trial version was released will have total access to your PC.
The bottom line: It’s much more expensive to deal with the consequences of a financial breach than it is to prevent one. Don’t wait until the last minute to find out just how essential it is and start putting your security precautions into place before it’s too late.
No comments:
Post a Comment