The security landscape is constantly changing, so the threats your business faces today are different from the threats of a year ago – or even six months ago. The latest Symantec Internet Security Threat Report gives an overview of threat activity for the first six months of 2007. Here are a few important trends noted in the Report:
- In the first half of 2007, 212,101 new malicious code threats were reported to Symantec. This is a 185 percent increase over the second half of 2006.
- Between January 1 and June 30, 2007, spam made up 61 percent of all email traffic monitored at the gateway.
- The Symantec Probe Network detected a total of 196,860 unique phishing messages, an 18 percent increase over the last six months of 2006. This equates to an average of 1,088 unique phishing messages per day for the first half of 2007.
- Threats to confidential information made up 65 percent of the top 50 potential malicious code infections reported to Symantec.
There are a number of measures that business owners, IT staff, and end users can take to protect themselves against malicious activity. With today’s threat landscape in mind, here are our top ten security recommendations for your small or medium business:
So what steps should SMBs take to protect themselves (and their customers)? Employing defense-in-depth strategies, including the deployment of IDS/IPS solutions, antivirus and antifraud solutions, as well as a firewall, is a good place to start. Of course, reading Symantec’s semi-annual Internet Security Threat Reports is a great way to stay informed about the threat landscape so you know what you’re up against. Antivirus definitions should be updated regularly and all desktop, laptop, and server computers within the business should be updated with all necessary security patches from their respective vendors. Implementation of a Network Access Control (NAC) solution is highly recommended to control and monitor access to your network. To help prevent accidental or intentional data leaks, SMBs should employ data leakage prevention solutions. Symantec also advises businesses to develop and implement policies that prevent users from viewing, opening, or executing any email attachment unless the attachment is expected and comes from a known and trusted source, and unless the purpose of the attachment is known.
- Scrutinize email. Educate employees about safe email policies. These include: never opening attachments in email from unknown senders and never responding to spam. In order to limit the propagation of email-borne threats, email attachments should be scanned at the gateway. Additionally, all executable files originating from external sources, such as email attachments or files downloaded from Web sites should be treated as suspicious.
- Utilize Network Access Control. All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorized entry and malicious activity, ensuring that any infected computers are removed from the network and disinfected as soon as possible. Also, create and enforce policies that identify and restrict applications that can access the network.
- Patch your holes. To ensure you have the latest protection, always apply operating system and security software updates and patches as soon as they are released. In order to protect against successful exploitation of Web browser vulnerabilities, upgrade all browsers to the latest versions.
- Encrypt data. In the case of theft or loss, the compromise of data could be averted by encrypting all sensitive data. Encryption should be part of a broader security policy that businesses should develop, implement, and enforce in order to ensure that all sensitive data is protected from unauthorized access.
- Use layered security. Employees and other end users should employ defense-in-depth strategies, including the deployment of antivirus software and a firewall. Antivirus definitions should be updated regularly, and all desktops, laptops, and servers should be also be updated with the necessary security patches from the operating system vendor. Also, make sure to enable the security settings on Web browsers and disable file sharing.
- Back up data. For any number of reasons – disaster, human error, hardware failure, etc– your IT system could be brought down. Therefore it is critical to back up important data regularly and store extra copies of this data off site. Also, since it is easy for storage tapes to get lost, stolen or harmed in transit, encrypting those backup stores is a good idea.
- Manage vulnerabilities. In addition to staying up to date on patching, an asset management system can be used to track what assets are deployed on the network and to determine which ones may be affected by the discovery of new vulnerabilities. Vulnerability management technologies should also be used to detect known vulnerabilities in deployed assets. Once identified, unpatched vulnerabilities should be assessed and mitigated according to the level of risk.
- Use strong passwords. Users should employ strong passwords which have at least eight characters and combine alphanumeric and special characters. Change all passwords every 45-60 days to make it more difficult for intruders to access your data.
- Stop spam. Spam is the leading source of malware entering networks today. Spam not only diminishes productivity, it also puts a strain on storage and bandwidth requirements. Employ anti-spam solutions to proactively protect your environment.
- Don’t forget physical security. There are a number of routine things users can do to strengthen your business’s security. These include: using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being extra mindful of physical security of PDAs and handheld devices, which area popular target of thieves.