Having been an entrepreneur myself, I understand how small business owners put their blood, sweat and perhaps a few tears into building their businesses. For many of us, we’re living our dream, which comes with sacrifices and triumphs. But how many have stopped to think about some of the more frightening realities of small business ownership? I’m guessing that few have considered how one security attack could easily take it all away. Recently, the FBI issued a warning (PDF) to small businesses about online scams in which stolen banking credentials were used to siphon $11 million from U.S. small- and mid-sized businesses to companies in China.
The threats are real and ignoring them could cost you your business. So how do you protect yourself? Here are six tips to help you avoid the malware and cyber scams that are increasingly targeted at small businesses just like you:
Use common sense: Delete dubious attachments – especially if they’re from an unrecognized source. For example, don’t download tempting animations on a site that looks highly unprofessional. And don’t click on links in messages that seems strange or out of character, even if from a known “friend.” A common method used by attackers is to pose as a friend and send messages to users with files that are infected with malware.
Be smart when downloading: Symantec’s latest Internet Security Threat Report shows that the number of daily Web-based attacks in 2010 was 93 percent higher than in 2009. This reinforces the need to avoid downloading files you can't be sure are safe, including freeware, screensavers, games and any other executable program – any files with an ".exe" or ".com" extension, such as "coolgame.exe." If you do have to download from the Internet, be sure to scan each program before running it. Save all downloads to one folder, then run virus/malware checks on everything in the folder before using it.
Be careful with e-mail attachments and links: The April 2011 MessageLabs Intelligence Report in April indicates that 1 in 168 emails contain malware. Scan all incoming e-mail attachments for malware, even if employees recognize and trust the sender. Attackers increasingly employ very targeted methods in which they research key victims within each corporation and use tailored social engineering attacks to gain entry into the victims’ networks. Malicious code can then slip into systems by appearing to be from a familiar source. Also, be sure e-mail programs don't automatically download attachments. Refer to your e-mail program's safety options or preferences menu for instructions.
Use a reliable security solution: Today's security solutions—whether delivered as software or hosted services—do more than just prevent viruses. They scan files regularly for unusual changes in file size, programs that match the software's database of known malware, suspicious e-mail attachments and other warning signs. It's the most important step small businesses can take toward keeping your computers clean of malware.
Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current. The good solutions make this seamless, but if you want to alleviate this burden all together, you can also use a hosted service, which will automatically update occur transparently over an Internet connection to help keep employee systems current and consistent with policies whether they are in the office or on the road.
Be sure to educate your employees on these points and implement policies that ensure that your company is following these guidelines. It may take an investment of time and money at the beginning, but these preventative measures will save even more time and money in the long-run. Don’t risk your company falling victim to a malware attack.
*Steve Cullen recently re-joined Symantec as Senior Vice President of Marketing and Strategy for the company's SMB organization. After leaving Symantec in 2005, Steve followed his passion for astronomy and started a technology venture called LightBuckets, which provided time on research-grade telescopes to hobbyists, astrophotographers, and researchers via the web. During his prior nine years with Symantec, Steve served in various capacities in strategic marketing, product management, and at the executive level.