IT Support Blog for Small Business Owners

Is Your Network Security Adequate? Think Again!

Posted by Michael Silverman on Tue, Feb 18, 2014

Back on February 7th, NBC reported on potential security risks at the Olympic Games. There was a lot of controversy about the article itself, but, accurate or a hoax, IT security doesn’t get the attention it should in small businesses. More and more organizations, large and small, are being audited either by regulatory agencies or by existing or potential clients. Years back, news was about virus attacks, followed by malware; today we’re regularly hearing about hacking. Everyone wants to know their data is secure.

Data security is critical to ANP’s network management practices. We protect data by leveraging organization-wide network security management best practices. Having a firewall, unique passwords, and anti-virus programs might feel adequate, but times have been changing. It’s critical to look closely not only at the IT infrastructure within your offices, but also at equipment owned by your staff and maybe even your vendors.

As I’m writing this blog, I’m sitting at home on my personal computer connected to the office.  There are lots of options for remote workers these days, but there are also network security risks that need to be mitigated if you have a mobile or remote work force.  Let’s touch on a few.

Home computers are usually vulnerable to viruses and malware due to lack of ongoing management and “the kiddie factor.”  Microsoft and other vendors do an adequate job of providing anti-virus and malware support for home computers, but only if the tools are leveraged and leveraged correctly.  If virus or malware activity infects your home computer and it is connected to the office network, you’ve just introduced a “back door” network security risk.  Could your organization be vulnerable to a home-based worker?

What about mobile devices like smart phones and tablets?  Apple iPhones and iPads are acknowledged to be natively more secure than Android devices.  Do your employees use both for connecting to the office?  You may limit their use to email, but do you also allow them into the office?  Onto the office wireless network?   ANP regularly performs Network Assessments for prospective clients.  It’s surprising to see how few companies segment their networks, restricting mobile device traffic solely to guest wireless networks.  There are also data security risks associated with email on mobile devices.  Just last week we completed an assessment for a company that was sending unsecured email to mobile devices, risking precious client information being shared with the outside world.

What about inside your offices?  Firewalls are designed to protect your network, and they do, but they are only one piece of the network security equation. Some of my clients leverage Intrusion Detection software to further analyze traffic passing through their firewall.  Though this software can be pricey, understanding the data these systems produce reinforces the need for a strong network security policy and operational discipline.  

In a 30-day period, I’ve seen “locked down” firewalls allow attempts at accessing servers from almost 20 different countries around the world.  That’s why network security is about a “system” of hardware, software, and operational procedures tightly woven to protect the organization and its sensitive data.

IT Security Equation

Here are a few questions to discuss with your IT staff or outsourced provider. Your answers will determine the next steps needed to establish appropriate levels of network and data security in your business:

  • How old is our Firewall and how current is its Operating System?
  • What is our Server and Workstation Patch status and update process?
  • Do we have any Windows XP computers in our network?
  • What is our password management strategy?
  • How do we control and manage access to sensitive information on our Servers?
  • Do we have a guest wireless network for employee smart phones and guest traffic?
  • When is the last time we had an outside network security Assessment?

Have any questions or comments? Interested in a free network assessment? Click the button below.

Topics: data security, IT security, network security, network assessment

Data Security Breaches: Not just a Big Business Threat.

Posted by Scott Persechino on Mon, Feb 17, 2014

If a big company like Target or Neiman Marcus can suffer a Data Security Breach, it can certainly happen to your small company. In fact, it’s probably more likely to happen. And though no business, big or small, is ever guaranteed to be completely protected from a data security breach, if a company does not take the proper proactive security steps, it will almost definitely happen.

After millions of shoppers fell victim to massive data breaches at Target and Neiman Marcus, investigations revealed that the mastermind behind the malware used in the attacks was a 17-year-old boy. For reference, malware is destructive computer software that interferes with normal computer functions, or sends personal data about users to unauthorized parties over the Internet. That is exactly what happened in these two breaches. Investigators have revealed that the teen allegedly created the malware last March, and started selling it to an unreported number of cyberhackers in Eastern Europe. The teen is from the Ukraine, and authorities believe the malware leveraged in these breaches was used by hackers in Russia. Up to 110 million Target shoppers had much of their personal information like credit card numbers, PINs, and even personal addresses compromised because of the breach. Can you imagine how your customers would react if they were victimized like this because of a network security breach at your company?

Companies, regardless of size, rely on critical business data to succeed and flourish. Based on a recent study, more than 78% of organizations have suffered from at least one data breach over the past two years.  Your company may face considerable financial liabilities if it loses sensitive data. Even worse is the damage to your reputation, especially since most consumers say they would entirely stop dealing with an organization in the event of a security breach. Even small businesses with antivirus solutions in place are prime cybercrime targets.

Three surprising ways that small companies are more likely to suffer a worse data breach:

  1. Small business data breaches are more likely to go unnoticed. Target's data breach was first spotted by tech journalists and security firms who noticed that hackers were trying to sell a large amount of stolen data on underground websites. The massive amount of stolen credit card information alerted journalists that something was going on. However, when a small business is hacked, it will most likely go unnoticed by these watchdog groups. Hackers will glean less information, and so no one hack will lead to noticeable changes in data black markets.
  2. Media attention protects large businesses, but not small ones. Hackers often wait to use stolen data from data breaches at large companies, but they might not be so shy with small business breaches. When a company like Target is hacked, rather than going on a spending spree, identity thieves delay using stolen credit cards until the fuss dies down and consumers and credit monitoring services stop watching their accounts so closely. Small businesses are more likely to be hit immediately and harder with identity theft because hackers know there isn't the same scrutiny.
  3. Small businesses are underinsured. Many large businesses have Cyber Liability Insurance, which covers them when they are hacked. This policy pays for the credit monitoring services that are currently protecting Target's customers. By contrast, small business owners very rarely carry this type of coverage.

Three Myths and Facts the Small Business Owner should be aware of:

MYTH #1: My business is too small to be a target.
FACT: Size does not matter. Believing you are not susceptible to a breach, combined with the vast amount of data your business holds, potential employee negligence, and a lack of a dedicated IT staff makes your business a prime target for attackers. In fact, the majority of small businesses agree they can’t do enough to protect their data using the measures and technologies they currently have in place.

Cyber criminals do not discriminate. As long as they can gain profit and find anything lucrative to exploit, they will. Understanding the threats your business faces, their potential impact, and the regulations you need to follow is really the least any business owner should be doing.

MYTH #2: The antivirus I have is good enough.
FACT: Traditional antivirus software is not a cure-all. An advanced persistent cyber threat can manage to stay undetected in a network or system for a long period while progressing toward its goal—usually to steal data. An advanced persistent cyber threat’s ability to bypass blacklisting allows it to move within the network without detection and steal corporate passwords in order to gain access to other systems.

Since attackers consider small businesses prime targets, relying on traditional security technologies can also put you at risk for a customized malware attack in which hackers identify their victims and purposefully infect the user's computer to steal data. Customized malware attacks account for most data breaches and the chances of a data breach are higher when businesses believe that their traditional antivirus is enough to protect their assets, particularly against customized attacks.

MYTH #3: I can trust my employees and don’t have to worry about enforcing data security policies.
FACT: A company’s greatest asset—its employees—can also be its weakest link. The top reasons cited for data loss were employees’ tendency to open attachments or click links embedded in spam, to leave their systems unattended, to change their passwords too infrequently, and to visit restricted sites. This negligence puts critical business data at risk from data-stealing cybercriminals and malicious insiders. Research shows that 56% of employees frequently store sensitive data on their laptops, smartphones, tablets, and other mobile devices. This means there is more than a 50% chance that confidential information can land in the wrong hands should they lose these devices.

What you can do about it:

Start with these IT security best practices:
• Secure, encrypt, and password protect sensitive customer and employee data.
• Set rules for your employees; don’t let Social Networking compromise your data.
• Dispose of sensitive documents completely and securely.
• Limit access to sensitive data.
• Ensure that all software and systems are updated as needed.
• Put up firewalls to block hackers.
• Establish a secure remote access protocol.
• Establish and adhere to a privacy policy.

The bottom line:

Patch the holes in your organization’s walls. Identify which information is critical, who could and should be able to access it, then investigate the best ways to protect it with the aid of a trusted IT advisor or your Managed Service Provider. Like holes or cracks in walls, areas where your company data is most vulnerable can cause your security perimeter to crumble.  ANP is offering a free IT Webinar for business owners this month regarding how to secure your company data. Register by clicking on the button below:


Topics: data security, IT security, network security, data security breaches
