Internet Security Threat Report XV: Tips on how to avoid threats
Symantec has released its latest Internet Security Threat Report (ISTR XV). The report is a recap of all of the threats posed to businesses and consumers in 2009. The ISTR is a great tool for SMBs to use in educating their employees on the threats that are plaguing businesses right now. In addition to highlighting the report’s trends, Symantec has put together a list of tips for SMBs to protect themselves against the malicious threats documented in the ISTR.
Tips for how to Avoid Threats Described in the ISTR:
Threat: Credit card information was the most commonly advertised item for sale on underground economy servers known to Symantec for $0.85 to $30 per credit card number.
Advice for SMBs:Safeguard financial data:The numbers from Symantec’s ISTR XV show that more than ever, financial information is a hot commodity, particularly credit card data. Be sure to implement an integrated security solution as well as information protection policies to safeguard your sensitive financial data as well as your customers’. This includes bank and credit information stored on your computer or mobile device. Sadly, SMBs’ bank accounts are not protected like those of consumers. If an SMB’s financial data is compromised, it could mean the end of their business.
Threat: In 2009 physical theft or loss accounted for 37 percent of data breaches that could lead to identity theft—a decrease from 48 percent in 2008.
Advice for SMBs:Educate employees – do not leave devices where crooks can access them:Prevent a data breach by educating your employees on the importance of protecting their devices. Good, common-sense best practices are part of the solution for protecting data. Do not leave your mobile device lying around for others to pick it up. Keep it on your person or in your sight at all times. Also, deploy technology that delivers a unified solution to discover, monitor, and protect confidential data wherever it is stored or used.
Threat: Vulnerabilities of browser-based applications are the fastest-rising information security flaws for businesses. During 2009, Mozilla Firefox was the most targeted browser platform, whereas Google Chrome and Apple’s Safari took the longest to gain protection after a flaw was identified.
Advice for SMBs:Implement more than just antivirus:As the number and sophistication of Web-based viruses and malicious code continues to threaten businesses, SMBs need to be secured with more than just traditional antivirus technology. Policies and education need to be coupled with an integrated solution to protect information wherever it is accessed—from servers to desktops and laptops. Install an integrated security suite solution that will prevent virus infection, block intruders, protect privacy, and stop malicious programs. In addition, all network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorized entry and malicious activity.
Threat: In 2009, spam made up 88 percent of all email observed by Symantec. The most common type of spam detected in 2009 was connected to Internet-related goods and services.
Advice for SMBs:Don’t be lured in by spammers and phishers:To shield themselves from cyber criminals, SMBs must deploy the proper email security solutions, including spam prevention that protects company reputation and manages risks. It is important for SMBs to know to delete all spam and avoid clicking on suspicious links in email or IM messages. In addition, never open unknown email attachments, and do not fill out forms in messages that ask for personal or financial information or passwords. Spammers are using everything from current events to well-known companies and brands to give users a false sense of security when navigating through their email.
Threat: Hacking accounted for 60 percent of the identities exposed in 2009, a marked increase from 22 percent in 2008.
Advice for SMBs:Be aware!Awareness of the risks and available safeguards are the first lines of defense for the security of information systems and networks. Technology alone cannot secure an organization. An organization’s workforce must understand information security issues and behave in a manner that minimizes risks. Create and enforce policies that identify and restrict applications that can access your network and ensure employees follow best practices when they work remotely.