There are many security threats facing your business.
Threats exist that have the potential to lead to downtime and large periods of unproductiveness for your business. You could also lose your own data or clients' data either through theft or destruction. Alternatively, threats exist that could lead to the emptying of your bank accounts, or purchases on your cards/accounts through unauthorised access to online accounts.
In this two-part post, we'll look at some of the most common threats and discuss some of the things you can do to protect yourself against them.
A virus is a piece of software that has been designed to replicate itself and infect a computer without the user's consent.
Viruses can delete files, reformat the hard disk, or prevent use of the computer by locking it and displaying unwanted messages, audio, text etc. Viruses can be programmed to do pretty much anything. At best, they're a serious productivity sapper due to the system crashes, slowdown and erratic behaviour. At worst they could ruin your business by leaking or deleting sensitive/important data.
Computer Viruses can be spread through a local network or removable media like flash drives and CDs. They are also spread through the internet via email or downloading files from websites or peer to peer software.
How Netstar's clients are protected
All businesses should invest in antivirus software in order to stay protected. The problem with most anti-virus software is that it installs locally, and it needs to be kept up to date. You are only protected against viruses known at the time of the last update.
If you don't update the definitions for three months, then you'll be at risk from any new viruses not known by your software at the time of the last update. Many users don't take the time to update their antivirus software. We can do this for them outside business hours, but it requires the user's machine to be left switched on.
In order to be completely safe, we don't use antivirus software that requires the use of a local database to recognise threats.
We use a cloud based software which has many advantages:
- The definitions are updated constantly in real time by the antivirus provider, not when you get round to doing it yourself. You are connected to this database over the internet so you're always protected against the very latest threats.
- As there's very little data held locally by the software, it takes up minimal resources on your machine, especially compared to traditional AV software.
- Install time is very fast!
Did you know: Even excel documents can contain viruses. Excel can be used to run macros, which are a set of pre-recorded instructions to be carried out when the macro is run. The intent for macros is to shorten repetitive tasks, but they can also be used maliciously. Be careful when opening email attachments from people you don't know.
Spam refers to unwanted email messages. It is a low level threat, only causing annoyance and clogging up mail servers (causing performance issues) but its prevalence is extremely high.
The main threat from spam is a loss of productivity from managing, blocking and deleting spam messages, and also from system slowdown (high number of additional messages stored on email servers and locally).
Your IT department or outsourced provider should employ a good anti-spam solution to prevent these messages from reaching your mailbox.
The solution we use will block the vast majority of these messages, but it is customisable. You can log in to a portal to see what has been blocked, and release and allow it in the future if you choose. You can also mark other messages that may have gotten through as spam, and they will not be delivered in future.
Need to write up a security policy? It's easier with our free template!
Spoofing, Phishing and Pharming
Spoofing refers to a person, website or program masquerading as another. An example could be your bank's online login page being spoofed, with the intention of tricking people into typing in their credentials onto a phony site, which then records them.
Phishing is similar, but carried out over email. The user receives an email they think is legitimate, then clicks on a link and is directed to a spoof website where they may type in login credentials, credit card numbers etc. Some phishing attacks trick users simply by asking for their passwords, or by attaching an "invoice" or "e-fax". These attachments are not legitimate, and could install viruses, malware or other unwanted programs.
Pharming refers to websites being hacked to redirect their traffic to a website on a server owned by the hacker. This can occur by hacking of the actual website, or by changing the hosts file on a victim's computer so that computer goes to a different website than the one the user intended.
All of these attacks have the potential to be very damaging. Once personal information has been stolen, the spoofers, phishers or pharmers can use that information to sign in to online bank accounts or services such as paypal/ebay and steal money or make fraudulent purchases.
Beware CEO Fraud
In the digital age, we have to remember that not all crime is carried out digitally. There have been stories about people phoning up businesses, asking to be put through to accounts, and then tricking someone into transferring large amounts of money out of the business, usually under the insistence that the person is working on a very important and urgent deal for the CEO.
The best way to deal with spoofing, phishing and pharming attacks is to use vigilance as these attacks rely on tricking victims rather than by using advanced technology. As spam filters are customisable, phishing emails can slip through. As any email address can be used to send a phishing email, and any web address can be used to set up a spoof webpage, the only failsafe would be to block everything. Your IT provider should have security "best practices" that they suggest you follow, and educate you on the right behaviours so that you stay protected.
Had Security Breaches? Get the Checklist for Choosing a New IT Support Partner
Coming up in the next post - Botnets, Trojans, Worms, Adware, Spyware and Keyloggers.