When Teresia (not her real name) arrived for work recently, her business’s network security was the furthest thing from her mind. Sitting at her desk, she had a basic knowledge of common-sense practices which she felt confident would be sufficient to keep her business safe. She wasn’t the type to download dubious content from the web or employ weak passwords. She regarded her computer as a no-nonsense work tool that was essential for her to accomplish her duties as the CFO for her small, Midwest specialty manufacturing company. What she didn’t know was that along the way, a little piece of malware had slipped into her PC. This hidden piece of program would soon threaten her company’s survival.
Teresia’s malware did one simple thing: It caused her browser to redirect all her bank communication to a set of phony websites that looked just like their legitimate counterparts. When she logged into the look-alike website, yielding her username and password, a message appeared prompting her to call customer service about a problem with the company’s account. Trustingly, she dialed the number on the screen and after a few simple questions from the phony agent on the line, her company’s bank account was drained. More than $300,000, gone in minutes.
Disaster? You bet! And like the mark of a well-played con, she was left holding the bag.
As a business owner, you may think, “This probably won’t happen to me. I’m too small.” However, the New York Times recently reported that, “Gartner Research estimates that more than 10% of small businesses have had funds stolen from their bank accounts—losses totaling more than Two Billion Dollars.”
Now, here’s the point: Small business owners can no longer rely on security through obscurity. Information and network security is a need of every business owner today and survival as a business depends upon it. The National Cyber Security Alliance reports that 60% of small businesses, having fallen victim to cyber-crime go out of business within 6 months. Recovery is just too expensive and the detriment to reputation and brand are irreparable. For instance, the most current Verizon Data Breach Investigation Report, for the first time ventured to quantify the cost of a security breech: “$52,000 to $87,000 per 1000 pieces of information.” The thing we all need to recognize is that the cost of securing a business network is penny’s-on-the-dollar compared to recovering after an attack.
The good news is there are things you can do to protect your business network that are both affordable and sensible.
1. Do an assessment to identify vulnerabilities and
exposures.
The first step for any attacker is to find
network vulnerabilities by scanning for exposures. One of the best ways to see just how secure
your network is, is to do the same thing that an attacker would do -- scan your
network. A thorough assessment of your
network will give you a firm understanding of any vulnerabilities you may
have. By assessing your network with the
same tools that security researchers (and attackers) use, you'll see what they
see. There are reputable network
security firms that can accomplish this for you and present you with detailed
reports that will give you the information you need.2. Create a plan to remediate vulnerabilities.
Once you have the findings of a network vulnerability assessment, create a plan to patch and fix these vulnerabilities as soon as possible. Prioritize your solutions by severity to your network. Do not procrastinate repairing or patching vulnerabilities that are identified. Correction is usually not difficult and is essential to your business’ defense.
One of the first things any attacker will
look for is open ports. Ports are the mechanisms by which your small business
network opens up and connects to the wider world of the Internet. A
hacker sees an open port as an irresistible invitation for access and
exploitation. After your assessment, your network security professional will
lock down ports that don't need to be open as well as patch other
vulnerabilities that may be identified.
3. Install a Firewall.
A properly configured firewall acts as
the first line of defense on any network. The network firewall sets the rules
for which ports should be open and which ones should be closed. The only ports
that should be open are ports for services that you need to run.
In addition, a good firewall needs to provide
visibility into your network to allow you the transparency you need to know
what is going on. This includes Intrusion
Detection System (IDS) technology, email filters as well as internet traffic
filters. Monitoring this and looking at
it at least monthly can play a key network security role. One of the best solutions for the firewall
question is a Unified Threat Management (UTM) firewall.
There are many desktop firewall
applications available today as well, but don't mistake those for a substitute
for an adjustable firewall that sits at the primary entry point to your small
business network. You should have a firewall sitting right behind where
your network connectivity comes into your business to filter out bad traffic
before it can reach any desktop or any other network assets.
4. Be aware and
manage passwords.
Having a firewall is important, but
it's never enough to simply drop it into your network and turn it on. Change
your passwords periodically and use combinations of numbers, symbols and
letters to make them difficult to break.
One of the most common mistakes in
configuring network equipment is keeping the default password. It's a trivial matter in many cases for an
attacker to identify the brand and model number of a device on a network. It's equally trivial to simply use Google to
obtain the user manual to find the default username and password.
Take the time to make sure you use
unique passwords on all your network equipment and don’t hesitate to change
them periodically to keep them safe.
5. Update Frequently.
Equipment, just like
applications and operating systems, needs to be updated for security and bug
fixes. The firmware that your small business router and/or firewall shipped
with is likely out-of-date within a year, so it's critical to make sure you
update it.
Often when researchers discover a vulnerability they keep
the information private until the manufacturer has released a patch to solve
it. By keeping updated on patches you
can keep your system safely ahead of many vulnerabilities before the
information is released to the public.
Finally, regular backups are essential in the event of an
attack, fire or natural disaster. It is
a simple matter to purchase a backup drive and keep your system backed up
periodically. As a rule of thumb, the
more often, the better. Ideally, your
backup should be done to an off-site location which makes a cloud backup a
viable option.
Your Network Can Be Secured.
Your business may be small, but you can use
these tips to help secure your network. Though hackers don't discriminate
against small business, they do tend to target the low-hanging fruit and the
easier targets.Lock down your network by making sure vulnerabilities and exposures are eliminated and corrected. If patches are available, use them. With a properly configured firewall, your network can be secured. Understand your own internal network and with these tools, you'll be ten steps ahead of the low-hanging fruit.
No comments:
Post a Comment