- 27 June 2012 08:27
SMBs Easy Targets for Cybercriminals
AVG (AU/NZ) Pty Ltd, distributor of AVG Technologies’ award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific, warns that many small- to medium-size businesses (SMBs) are still easy targets for cybercriminals.
The recent Australian Business Assessment of Computer Use Security (ABACUS) survey from the Australian Institute of Criminology confirms the high proportion of SMBs that are continuing to take unnecessary risks with their business security. For example, less than 1 in 10 SMBs were found to be automatically updating their computers.
As the inexorable drift towards the mass use of mobile technology in the workplace becomes manifest, combined with SMBs failing to employ the most basic protections, small businesses are leaving themselves vulnerable.
Australia’s smaller organisations are embracing technologies that facilitate mobile working, and yet are not fully alert to the additional risks to business security. For example, businesses are readily adopting social networking as a promotional opportunity to engage with customers, but further precautions such as web link scanning are required to protect against associated online threats.
Michael McKinnon, Security Advisor at AVG (AU/NZ), said: “If you are the owner of a small or growing business, chances are you think you are too small for cybercriminals to be interested in you. But you are well advised to think again. With many cybercriminals using automated scanning tools, unless you protect yourself they’ll eventually find you.”
From his perspective, McKinnon knows that SMBs remain focused on traditional IT vulnerabilities like e-mail and web viruses and tend to be more concerned about losing access to files and replacing hardware. But the dangers also lie in security breaches. These are the costlier risk in terms of lost sales and revenue opportunities. According to the AVG SMB Market Landscape Report 2011, the average cost of a security breach is US$6,370. “Without safeguarding against emerging trends such as information theft and social engineering, SMBs are leaving themselves wide open to the cybercriminals,” he said.
AVG (AU/NZ)’s guidance is to treat Internet security the same way as corporate governance and brand protection. McKinnon says: “This is a boardroom issue, not simply a technology debate.
“No company should be operating without stringent online safety precautions in place, particularly when affordable, effective measures are readily available to them. Having full featured, automatically updated, always on anti-virus and Internet security software running across all company computers and employees’ mobile devices is a must for business continuity.”
The trend is for executives and staff to access e-mail and other proprietary data from more than one device. The risks of not securing them properly are very real. If malware on a mobile device is allowed to remain undetected by users, criminals can gain access to confidential corporate data. The cost in terms of time and expense associated with cleaning these up is often substantial. A report by Computer Economics defines the 'direct' costs of malware infections as:
• Labour costs involved in analysing, repairing and cleaning infected systems
• Loss of user productivity
• Loss of revenue due to loss or degraded performance of system
• Other costs directly incurred as the result of a malware attack
Just as business owners lock their doors to keep out burglars, the same should apply to the online world. To bring the shutters down on cybercriminals, SMBs should:
1. Keep protection updated for all computers and mobile computing devices - including USB memory sticks, memory cards, portable hard drives, MP3 players, cameras, smartphones and tablets - that are brought in or taken home by staff, contractors, clients and visitors.
2. Ensure backups are occurring automatically and plan for reducing disaster recovery restoration times.
3. Promote strong password management, with passwords that are not easy to guess, are as long as possible, and which preferably include a combination of upper and lowercase letters, numbers and symbols.
4. As a first line of defence in social networking activity, use AVG's 'scan before you click' LinkScanner® technology, embedded in its anti-virus and Internet security solutions, to ensure shared links and files are checked and safe.
5. Ensure staff always log out of every application or social networking site, and always use the highest rather than default security settings.
6. Provide staff with written security guidelines to keep them and your business network safe. Don’t assume that all your staff are tech savvy.
7. Enforce this robust internal policy with regular security audits.
8. If you need to provide visitors with Internet access, invest in networking equipment that provides a DMZ “De-Militarised Zone” that will give your visitors restricted access so they can't infect your systems, install software or log into your files.
Australian Business Assessment of Computer Use Security (ABACUS); Australian Institute of Criminology
For the series of informative security tips, how-to and fact sheets see: www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see: www.youtube.com/user/avgaunz
Keep in touch with AVG (AU/NZ)
• For breaking news, follow AVG (AU/NZ) on Twitter at twitter.com/avgaunz • Join our Facebook community at www.facebook.com/avgaunz • For security trends, analysis, follow the AVG (AU/NZ) blog at resources.avg.com.au
### ENDS ###
About AVG (AU/NZ) Pty Ltd — www.avg.com.au
Based in Melbourne, AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company, distributes AVG Technologies’ software, namely the AVG Internet Security and Mobile Security product range in Australia, New Zealand and the South Pacific.
AVG Technologies’ mission is to simplify, optimize and secure the Internet experience, providing peace of mind to a connected world. AVG’s powerful yet easy-to-use software and online services put users in control of their Internet experience. By choosing AVG’s software and services, users become part of a trusted global community that benefits from inherent network effects, mutual protection and support. AVG has grown its user base to 114 million active users as of March 31, 2012 and offers a product portfolio that targets the consumer and small business markets and includes Internet security, PC performance optimization, online backup, mobile security and identity protection.
AVG (AU/NZ) Media Contacts:
Michael McKinnon AVG (AU/NZ) 03 9581 0845 firstname.lastname@example.org
Shuna Boyd BoydPR 02 9418 8100 email@example.com
Sign up now »
Enforce compliance consistently and cost-effectively across your organization.
- FTSenior Field Engineer - MSNSW
- FTTechnical Account Manager - MSP + CloudVIC
- FTSenior Python DeveloperNSW
- FTLead Software EngineerSA
- FTR&D EngineerSA
- FTOS Web Applications DeveloperNSW
- FT.NET - Sitecore Developer - Melbourne - PermNSW
- FTWeb Developer- Drupal and PHP. Exciting new position- #2 in Dev team.$100k+SuperNSW
- FTTest EngineerVIC
- FTQuality ManagerSA
- FTSenior Python Web Applications DeveloperNSW
- FTSenior Projects EngineerNSW
- FTSenior Python DeveloperNSW
- FTSnr Web Developer PHP/Magento/API integration into E-commerce sites. $100k+SuperNSW
- FTTest Analyst (MS Environment) .netNSW
- FTSenior E-Commerce PHP Developer- North Sydney- E-commerce Software $110kNSW
- FTTest Manager - IMMEDIATE STARTNSW
- FTTest Analyst (MS Environment) .netNSW
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.