SMBs are open to two main types of cyber attacks – those targeted directly at an organisation and the mass shotgun attack style designed to infect anyone and everyone. Here’s five ways businesses can protect themselves online.
The internet threat landscape today is constantly evolving with new threats and attacks emerging; coupled with the constant reuse of older techniques that have proven to be very successful at infecting computers, or stealing information in the past.
Businesses are open to two main types of attacks – those that are targeted directly at you or your organisation and the mass shotgun style of attacks that are designed to infect anyone they can. The targeted attacks are the most dangerous methods as they are likely to use advanced techniques to ensure success. These techniques include using zero-day exploit or a new piece of malware to gain access through a backdoor onto the user’s machine.
M86 Security has compiled a list of top five security tips to help users minimise the inherent risk to systems and information from using the internet:
1. Review your current security products.
Armed with the latest threat information, re-evaluate the security products used in your organisation. Ask your current vendors tough questions about exactly how they detect and block these threats. The solutions should have a solid base of reactive controls in anti-virus and URL scanning, along with proactive technologies such as real-time code analysis. Consider testing products against each other and ensure the vendors are investing in threat research.
2. Stay up to date.
When vulnerabilities are discovered, vendors work hard to develop and distribute patches to protect their users. Keep web browsers, add-ons/extensions and desktop applications up to date with the latest versions. Attacks commonly target vulnerabilities in old versions of web browsers or applications. The latest spam and web threats are not blocked simply because organisations have not yet applied the latest patches or updated their browsers.
Whilst being completely up to date with the latest patches helps to protect against patched vulnerabilities, you will still need to remain on guard for the zero-day vulnerabilities which are still waiting for a patch to be released.
3. Education is paramount.
Teaching users about best practices for their everyday internet usage is a key part of a security policy. Provide examples of social networking scams. Explain how easy it is for a computer to get infected. Encourage them to keep applications up to date (see above).
Above all else, warn users about clicking on any email attachments or links and pay close attention to the links found in search engine results and posted by contacts on social networks. Updating users on the latest phishing techniques will raise their suspicion levels as well as warning them against using pirated software, which is commonly bundled with malware.
4. Consider using browser add-ons or extensions for an additional layer of security.
Use the NoScript extension for Mozilla Firefox to limit the execution of JavaScript code.
Free tools, such as M86 SecureBrowsing, are available for users to analyse links from search engine results and web pages to gauge whether they contain any code that is attempting to act maliciously. It also works with shortened URLs, such as those used on Twitter.
5. Protect your Social Networking accounts.
Setting the Privacy settings in your social media accounts can be a bewildering process but it is worth the effort to clearly understand and appropriately set the options. Badly configured privacy settings make it easier for attackers to compromise your accounts.
– Jeremy Hulse is vice president of Asia Pacific sales at M86 Security.