As if there weren't enough to worry about in today's business environment, with pressures on the business to make sales/profits, remain competitive, be innovative, etc., you now need to add the ever-increasing threat of computer and network attacks to the mix. They come from all sides, both internal and external, and can result in a loss of data/information, time, resources and productivity. These threats affect
and we all need to do our part to alleviate this risk.
So let's start by identifying some examples of these threats:
Viruses/Worms - Sasser, Zotob, Nimda, Welchia, Melissa, I Love You, Blaster
Malicious code - Spyware, Malware, Adware, Keyloggers, RATs, Trojans
Botnets - zombie PCs
How do they come "in the door"?
Drive by downloads
Installing malicious code on your systems at home and work
Through email and attachments - web pictures, applications, links, wallpaper
System drivers, printer drivers, wireless drivers
Media players - iPods
Media files - as in the case of movies (AVIs, MPGs, etc.)
Free software distribution - freebies online that purport to get rid of threats but bring in even bigger threats with more serious intent.
Just what do they want?
Anything that can be used for financial gain and espionage.
What's the cost? (Besides potentially your entire business?)
To calculate the cost of a virus infecting your network and damaging your information, do the following:
List the number of employees in your business
Calculate an average hourly compensation per employee
Think about what files and work might need to be recreated after a loss: customer database, client reports, project files, schedules, contracts, etc.
Estimate the amount of time required to re-create lost databases, financial files, and other work per employee
Multiply the time required by the number of employees affected and by the average hourly compensation
Most threats are no longer obvious; they are more insidious. Often they are disguised as low- or medium-level threats that slip in while you are busy guarding against the high-level ones (red lights flashing). These threats also come from both known and unknown sources. (For example, you may receive an email from someone you know and think that it is fine, not having realized that this person had already been compromised and is spreading the threat to you and others.)
So how do you protect against them?
People - awareness, communications, company policies, IT taking the lead in disseminating information on a regular basis
User Awareness Sessions Policy
Incident Response Policy
* I highlight this because it explains what you will do and how you will react to a compromise, including what you tell clients/customers/vendors
Approved Applications Policy
VPN Access Policy
Patch Management Policy
Network Management and Use Policy
Email / IM Messaging Policy
User Access Control Policy
The biggest risk is YOU. You are often the one who opens the email, clicks on the link, downloads the software, etc. One of the biggest problems we are all guilty of is assumption. So, try not to assume too much, for example: "I assume that because we have virus protection, a virus or worm will not affect us." "I assume that since this attachment came from someone I know, it is all right to open." "I assume that I can connect my laptop to the corporate network and it will not cause any issues." "I assume that since I dial into my company network, I will not cause an issue if I have a compromised machine at home." These assumptions go on and on...
Some more good practices...
The "break fix" approach to IT may not cut it anymore. Partner with a company that provides a "Managed Care" service that can help with managing the risk and can also provide constant awareness, mitigation and remediation.
Appoint someone to be responsible for the IT security infrastructure - a consulting company or an internal employee. That way, if and when anything happens, you know who to go to and how to get the answers you need.
Conduct regular IT security workshops and programs that will help users be more aware of the risks at hand and the roles they play in mitigating them
Other prevention methods include...
Install antivirus on all desktops, laptops, and servers
Check for virus definitions daily or set for automatic updates
Stop intruders with a firewall
Use a firewall on all desktops, laptops, and servers
Stay on top of security updates
Deploy security patches and fixes as soon as they are available
Use the latest operating system versions
Create strong passwords and change them frequently
Don't allow Web browsers to remember passwords/private data
Open email responsibly
Scrutinize attachments before opening them; avoid ones with unusual extensions
Don't open or reply to unsolicited mail
Damage control is always more expensive in reputation, time, money and trust than the initial expense of putting basic security infrastructure and policies in place. The threats do not care what size company or market you work in/for. They know what they are looking for and how to get it and, unfortunately, it's in every business's infrastructure.
Thanks to Brett A. Scudder from The Technology Suite for contributing to this article. :)