Ten years ago, a malware attack may have been annoying for SMBs, but it likely would not have affected their customer service. Today’s attacks, however, are far more likely to hit SMBs’ bottom line. Why? Customers don’t care what the problem is; if the network is down they will go to a competitor rather than wait for the problem to be resolved. This is the hard reality that should be prompting SMBs to make network security a bigger priority.
That was the resounding sentiment in a recent virtual Symantec-hosted roundtable discussion of SMBs and cyber attacks. During the roundtable, three small businesses shared the challenges they face in defending against malware. I sat in on this discussion and heard firsthand just how common security incidents are for SMBs.
Symantec customers, including Richard Johnson from Seattle-based Coddington Construction, Val Charron, owner and manager of Northwest Dental Services, and Linda Yurko from Arc of Greensboro, a non-profit organization from North Carolina, were joined by their IT service providers for the roundtable discussion. All three companies were part of Symantec’s beta program for the latest release of Symantec Endpoint Protection.
Richard Johnson (who is a sales consultant at Coddington Construction, a company that does exterior remodeling work) shared his company’s struggles with malware. Because of the lengthy wet season in the region, the window for exterior remodels is short, so it’s crucial that Coddington Construction gets their bids to potential customers quickly. However, malware issues were wreaking havoc on their bid process.
“We had malware problems left and right, almost weekly; we would be down for a day or half a day. We would need to call someone to come in and fix these malware issues so that I could turn around and get bids out,” Richard said. “When people look at that and you aren’t timely, they relate that to ‘How will he work when he’s on the job?’”
Richard turned to his IT consultant, Darrel Bowman of MyNetworkCompany. Together, they identified the source of the problem: drive-by malware. Richard frequently had to go online to investigate new products that were of interest to his customers. “That research was bringing in our malware problems,” explained Richard.
Protecting patient data, meeting regulations
Malware was also a problem for Northwest Dental Services. Owner Val Charron and his three-person dental team see upwards of 45 patients every day. Naturally, their computer systems contain personal health information (PHI) that if compromised could be used to commit fraud or identity theft. Keeping these records electronically gives Val’s team quick access to information they need to help their patients, but it places the data (which is subject to strict regulations, including HIPAA) at risk.
Northwest Dental Services had experienced problems related to viruses and malware that slowed its systems and even required a shutdown for a few hours until it was resolved, but since deploying SEP 12 they haven’t had those problems. Val said, “We’ve been running smoothly ever since.”
Darrel, who is also Northwest Dental Services’ IT service provider, recommended SEP 12 to them. He added, “They don't have any attacks any more. They don't even know the software is sitting there on their server. It doesn't have a very large footprint on their desktop or on their server.”
Mobile workers bring viruses back to the office
Many SMBs struggle with securing their data while providing their mobile workforce with the access to corporate assets they need to do their jobs. Linda Yurko, assistant executive director at Arc of Greensboro, has firsthand experience with the threats lurking outside the office walls. As a non-profit United Way organization that benefits individuals with intellectual and developmental disabilities, Arc of Greensboro often works with sensitive and confidential information from remote locations.
“Our staff works out in the field. They take their laptops and jump drives with them, then bring them back to the office. When I started here, we were having virus attacks, spyware attacks; computers were just completely shutting down. We were spending a huge amount of money just to get them up and running,” Linda said. The problem Arc of Greensboro encountered was that laptops and thumb drives were becoming infected while outside the network and were bringing malware back, where it would promulgate throughout the office.
Drew Moen, principal of Strategic Technology Services, provided further insight into the challenges Arc of Greensboro faced. According to Drew, Arc of Greensboro had invested in an endpoint security solution, but it was installed incorrectly and wasn’t deployed on every machine. “The first thing we did was install Symantec Endpoint Protection across all the units, which took care of their problems,” said Drew.
Linda concluded, “I’m very pleased to have a technology plan that works for us. Before we had Symantec, it was a lottery as to whether or not machines are up to date. And now with Symantec, I feel really comfortable that everybody is up to date and that we don’t have any security breaches.”
Tackling the problem
SMBs are increasingly appealing targets because they usually have fewer cyber defenses, and traditional signature-based antivirus protection is no longer enough. SMBs tend to think they aren’t worth anyone’s bother, but Symantec research found 40% of all targeted attacks were directed at small and medium businesses.
To address the need for further protection, the three SMBs above have implemented the latest Symantec Endpoint Protection (SEP) release, which allows for complete protection against malware, spyware, and the newest variations of viruses. It uses reputation-based technologies to detect threats and take care of them before they can impact the system.
Have you faced similar attacks in your own business? I’d be interested to hear your own war story and how you’ve addressed cyber attacks in your small business.