Last fall’s Symantec Internet Security Threat Report offers sobering news for small-business owners: Internet attackers are moving away from going after large enterprise networks and coming after small businesses. Yet the majority of small-business owners report they are happy with their current security plan, even though nearly three-quarters of them do not have a security plan at all! What gives?
“Before you can fix the problem, you have to know the problem,” says Deirdre Crossan, small-business programs manager for Symantec. And the problem she describes is that small businesses were the second most targeted industry during the first half of 2005 (after education), and the financial services industry was one of the most attractive targets. In fact, more than half of small-business owners disclosed that they’d had at least one security incident in the previous 12 months, and one in 15 reported they’d had between 10 and 25 incidents.
In other words, no matter what size your agency is, it’s important that you learn about computer security. Viruses and hackers are no longer confining themselves to making mischief with your data. By neglecting your security tune-ups, you might be exposing your clients to the risk of identity theft, fraud and other criminal acts.
“The big message to small businesses and financial institutions is that they need the same level of protection as a larger enterprise,” says Crossan. “No business can afford to have an attack, especially if they are dealing with confidential information.”
What’s out there
It’s true; some attacks are more of a nuisance than anything. But those nuisances are taking their toll on your business. Spam, for instance, can overwhelm you to a point that you’re wasting time trying to find the important messages you want to read. But more than that, it can overload your network until your internet access is completely bogged down and nothing can get in or out. If just one person’s email is clogged with spam, your entire network could go down.
According to Symantec, simple solutions to the spam problem include:
- Don’t put your email address on your website. Some spammers have “bots” that go on the lookout for email addresses they can add to their database—and then they sell their databases. Soon, you’re inundated with hundreds of unwanted messages each day. Consider using mail forms on your site instead.
- Consider email security. Spam filtering and blocking programs are available to help get the spam out of your inbox before it gets to you. There are web-based programs that send a challenge to all incoming mail—which your clients may not be keen on responding to. A more convenient solution might be to use one of the numerous software programs you can add to your computer or server.
- Don’t unsubscribe. Surprised? If you didn’t subscribe to a distribution list in the first place, clicking an unsubscribe link will just confirm to the spammer you’ve read his message. And nothing gets you more spam faster than showing a spammer what a good reader you are.
Then, there are the more malicious attacks, including phishing, viruses and spyware. The most important thing you can do is protect your system with antivirus software—and make sure everyone runs their updates regularly. “If a mobile user who goes off the network and connects to the network without running his updates, he could be the one who infects the entire network,” Crossan explains. Some solutions will block that person’s access until they run their software updates.
Also, evaluate your needs periodically to ensure that your solutions are adequate for your needs. “Computer security is not something in a standstill environment,” Crossan says. “The people behind these attacks are becoming more sophisticated in their efforts and are evolving constantly. The solution you put in place yesterday may not be enough to protect you tomorrow.”