In 2006, there were more than 4,000 new IT security vulnerabilities identified that could impact your daily computer operating systems. It is true, because larger firms have more resources, they are usually better protected as opposed to smaller to medium size firms. For small to medium sized firms It Security can become a challenge.
Some of the dangerous attacks on businesses were, Nimda, Code Red, SQL, Slammert, and Blaster. All of these attacks mentioned spread like wildfire through the Internet. Small Businesses, may be vulnerable to mass attacks in comparison to large corporations. An example of such an attack, “Mydoom” which struck with a vengeance in 2004. In addition, the “Mydoom” attack affected 1 in 3 small to medium business as compared to 1 in 6 large enterprises. There is one factor that makes Small to Medium business more prone to attack. Smaller companies tend to be homogenous in terms of their computer infrastructure. Approximately 90% of small businesses are running Windows on their servers on a day to day basis. About 75% of these companies use Outlook and Exchange on a daily basis.
In most cases, small businesses lack highly trained staff that can address IT security in an adequate manner. As previously mentioned, large companies have a definite advantage and the resources available to secure a highly skilled IT staff.
There are some excellent Industry Solutions that would solve many of the current problems small to medium sized companies are experiencing. Installing Routers. Routers provide high-tech “Packet Filtering”, and are used to enhance the security of a network. In addition, there are also some attacks that are performed on the router to optimize performance and reduce processing load on the entire system.
Intrusion Detection Systems (IDS) ,will analyze all computer & Internet traffic and determine the legitimacy. The IDS System can look at traffic and make a determination weather or not it is a NIMDA attack. The system will alert all invalid or attack traffic.
Firewalls, installing good firewalls will restrict outbound access to traffic that is deemed legitimate by the company’s security policy. In addition, firewalls will allow outbound web access for employees only. Inbound access will normally be block.
Anti-Virus Software, will scan all emails and look for well defined viruses. Anti-Virus solutions can be implemented in each employees desktop computer, ASA, or email function. It is very important to keep all Anti-Virus Software updated, if not it can virtually become ineffective.
Virtual Private Network, provides critical security by allowing the internet to be used in a private manner. In addition, the VPN will allow data to be sent between employees which is encrypted. High security and Privacy is provided through the VPN while in transit, but it doesn’t secure endpoints from other attacks.
Spam Filtering is necessary and can be implemented directly on the email server. Spam provides protection against “Phishing” attacks. Phishing attacks, are mass messages that are crafted to look like legitimate mail from a bank or merchant. These attacks can be extremely dangerous because it asks recipient to verify and volunteer personal and secure information. Overall, Spam Filtering improves security and productivity within the work place.
There are certain things that small to medium sized companies need to do in order to examine their overall security threats and the value of current systems and applications being used. A). A security risk assessment must be performed. B). An information security policy must be developed and approved. This kind of policy is for managing and sharing sensitive data, monitor compliance, and lower IT costs and lower IT deficency rate. C). An adequate network must be designed and secured. D). Top notch Anti-Virus software must be installed on the system. E). An operating system must be used that has strong security baseline capabilities. F). Any unnecessary network applications must be removed for optimal performance. Installing or downloading useless programs only serves to slow down computer function hindering performance. G). Firewall software must be used at all times. Firewalls are critical especially for corporations. H). Strong Authentication needs to be used. No emails should ever be opened unless the origin and sender can be identified. I). A strong computer incidence response plan must be created. If problems do occur within the computer netwrok, they must be reported immediately and resolved promptly.
There are certain measures that smaller companies need to implement to protect their computer system. Making these changes could prove to be quite costly, but when it comes to computer security and the future of a business, it may be well worth the cost.