Today is a golden age for SMEs. Never before could an SME do business with anyone, in any part of the world, so easily. Making this all possible, of course, is the Internet.
But we know it’s not all sunshine and roses. That same connection that lets the money in can let information out – your intellectual property, your customers’ information, even your financial transaction data. You know that one serious incident could ruin your company, so it’s vital to understand what cybercriminals are up to in order to prepare an effective defense.
The annual Internet Security Threat Report by Symantec tests the waters to see what threats cybercriminals are employing to steal your data, and this year’s report shows the broad spectrum of risks faced by SMEs. Here are some ways to keep your information safe from the latest threats.
Educate your users on targeted attacks
2011 saw an increase in targeted attacks, with cybercriminals specifically targeting organisations using customised malware, as well as targeting employees through social engineering. While we typically see large enterprises in the news for data breaches caused by these attacks, a large number of them – 18% of all targeted attacks, in fact – are directed at businesses with 250 or fewer employees.
To combat targeted attacks, educate users on the threat environment and direct them to avoid suspicious email and social media links, as well as email attachments from unknown sources. They should also exercise caution when sharing information through social networking.
Minimise mobile risks
Mobile devices such as smartphones and tablets are boosting productivity in SMEs around the world. Employees are able to access important information nearly anywhere, and for the most part there has been little danger in using these devices. But cybercriminals are finally starting to pay more attention to these tools, and developing malware to compromise these devices by tracking users and stealing the information on these devices. Mobile vulnerabilities rose 93% in 2011.
Be sure to implement security technology on mobile devices, such as encryption of business information. Combine this with user policies such as mandating password protection and restricting application downloads to minimise exposure to risks while maintaining the productivity these devices provide.
Protecting information and customer trust
Data breaches were all too common last year, and the theft of identities continued to be a focus for hackers and cybercriminals. Hacking causes the most damage in these breaches, but loss or theft of devices is the most common cause.
Data breaches not only lead to financial damage, but they can affect customer trust, which is especially important for a small business to maintain. Data loss prevention technologies can help reduce the information lost in the event of a data breach, and help you identify business processes that need improvement.
Defending against malware
Whether in email or on websites, malware continues to be a concern for SMEs. Many legitimate websites have been compromised by malicious code to infect visitors to blogs, personal hosted sites and even business websites.
Strong endpoint protection, combining traditional antivirus/antimalware abilities with new reputation-based technology, should be used in conjunction with browser protection to prevent malware infection on your systems.
Create a comprehensive security plan
The Internet Security Threat Report paints a picture of threats surrounding us, and SMEs aren’t immune. But there’s no need to panic. Knowing the threats that are out there is key to developing an effective defense strategy. In addition to the tips above, here are a few more ways to shore up your defenses:
Employ multiple forms of protection, from endpoints to each level of your network, including firewalls, intrusion detection and gateway antivirus solutions.
Be sure you are monitoring your network, to identify potential attacks before you are compromised.
Implement intelligent security policies that require confidential information to be encrypted.
Restrict the use of portable file storage devices, such as external USB drives, that can unintentionally introduce malware into your systems.
Finally, be sure your security solutions and patches are kept up to date, to deal with emerging threats.