With National E-security Awareness Week commencing this week, now is a great time for Australian SMBs to review their current security posture.
National E-security Awareness Week is a national initiative that aims to raise awareness about the importance of e-security among Australians and to help small businesses better understand the steps they can take to protect themselves online.
SMBs are often the organisations that slip through the net when it comes to implementing adequate protection from online threats. Many SMBs do not have the resources available to protect their IT infrastructure, with some 46 percent of SMBs not having dedicated IT staff to manage their IT environment. With the threat landscape shifting at an alarming pace, it is also no surprise that more than half of Australian SMBs have experienced some form of a security breach.
Security threats are becoming increasingly sophisticated, seeking out critical business information such as confidential documents and customer data. These threats are targeting networks as well as endpoint devices such as mobile phones, PDAs, laptops, desktops and servers. To tackle these risks, SMBs need to deploy security strategies that go beyond simple anti-virus. While many SMBs have traditional anti-virus protection installed, this will do little to protect against wider risks such as spyware, web-borne malware and spam.
The following tips will help SMBs build a strong defence against today’s growing stream of electronic attacks:
• Stay informed
Understand the security threats that could impact your business. Security threats are constantly evolving with increasingly complex risks emerging. However, a number of companies publish reports detailing the security landscape. These reports can easily be found online and are a great way to stay informed on current and future trends and threats. A good example is the Federal Government's Stay Smart Online initiative, which provides a free alert service with easy-to-understand information on the latest e-security threats.
• Use layered security
Multiple layers of protection will identify and address a greater number of threats. Anti-virus software, firewalls and security patch updates should all be incorporated. It is important to update all desktops, laptops and servers with the security patches from the operating system vendor as soon as they are released, to protect against any successful exploitation of vulnerabilities.
When considering endpoint devices, personal firewalls can be used to help control network traffic. Another simple trick is to enable the security settings on Web browsers and disable file sharing. Finally, it is important to remind end users to develop strong passwords to make it more difficult for intruders to access your data. Passwords should have at least eight characters and a combination of letters, numbers and special characters.
• Implement a network access control solution
All network-connected computers and endpoint devices should be monitored for signs of unauthorised entry and malicious activity. Infected devices should be removed from the network and disinfected as soon as possible. It is also important to develop policies that restrict the applications that can access the corporate network.
• Back up data
IT systems can be brought down for any number of reasons, including disaster, human error and hardware failure, to name a few. It is critical to back up data regularly and store extra copies of this data off site. Encrypting backup stores is also a good idea, so that data is protected should these stores be stolen or lost.
• Don’t forget physical security
A simple way to enhance defences is to implement physical security tactics. These include using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable and not leaving written passwords in proximity to the computer. It is also important to be mindful of the physical security of PDAs and other handheld endpoint devices.
While e-security can seem daunting, there are simple ways to develop a well-executed, comprehensive solution. All-inclusive security suites are ideal for SMBs as they provide complete protection with little administration required for installation, deployment and management. A security solution provider will be able to match an appropriate all-inclusive solution to your business needs.
National E-security Awareness Week also provides useful resources for SMBs. A number of seminars and workshops are being held around Australia with dedicated sessions for small businesses. Further details can be found at Stay Smart Online.
– Craig Scroggie is the vice president and managing director – Pacific region, for Symantec.