This month is National Cyber Security Awareness Month, the seventh-annual public awareness campaign that encourages individuals and businesses to take action towards protecting their information and the computers where it resides. According to a new survey of U.S. small business owners sponsored by National Cyber Security Alliance and Symantec, and conducted by Zogby International, that will be released later this month, seven in ten (69 percent) of small businesses report that Internet security is critical to their business' success.
National Cyber Security Awareness month gives SMB owners and IT professionals a good opportunity to open up a dialogue and establish policies for employees to help mitigate security threats – whether they are spam, malware, phishing, or any combination. It is important to keep employees educated on the latest threats and what they can do individually to combat them.We’ll be posting more tips and examples throughout the month, along with more statistics from the joint National Cyber Security Alliance and Symantec study. Stay tuned for more.
And as National Cyber Security Awareness Month begins, this is a perfect time for SMBs to reevaluate their security needs. Recent Symantec reports have clearly debunked the myth that SMBs are too small for targeted attacks. In fact, cybercriminal see SMBs as a prime target. Back in July, we talked about how some types of attacks more frequently target SMBs. We keep finding examples of why SMBs can’t let down their guard when it comes to security. Recently, we’ve seen targeted spam attacks become a problem for small businesses.
For example, spammers are increasingly using a traditional technique called a ‘dictionary attacks’ against SMBs. This trick uses dictionaries of first names and last names combined with a target domain. Spammers generate millions of potentially valid email addresses for a single domain. Spammers might try the following name and/or word variations:
An attack like this can be a problem for a large enterprise – even those with anti-spam technology in place – because the servers are still forced to accept the email connection, even if they are going to reject it because the user doesn’t exist. But imagine how this can impact an SMB with a server designed for 250 or fewer users.
For most small businesses, the solution is a combination of a good mail and Web security solution and smart internal policies and employee education.