an introduction to internet security protect your business from web ...

AN INTRODUCTION TO INTERNET SECURITY
PROTECT YOUR BUSINESS FROM WEB-BASED THREATS

Definition

in·ter·net se·cu·ri·ty /ˈintər net siˈ y rit / noun

Internet security is a branch of computer security whose objective is to establish rules and measures to protect individuals and businesses (their data and other assets) from web-based threats, such as hackers, scams and malicious code.

Threats

Malware: a catch-all term used to refer to various types of malicious software.

Phishing/spoofing: a type of scam aimed at obtaining a user’s personal or confidential information. Phishing scams typically involve some sort of spam email or social media message designed to lure a user to a spoofed or fraudulent website.

Trends

For the first quarter of 2011, McAfee Labs recorded an average of 8,600 new bad sites per day. (McAfee Labs, McAfee Threats Report: First Quarter 2011)

What’s a ‘bad site’? Domains, IP addresses, and URLs that host malware, potentially unwanted programs, and phishing scams.

New vulnerabilities
• Social media sites
• Mobile devices/apps


Microsoft’s 2011 Security Intelligence Report found that from the beginning of 2010 to the end of the year, phishing attacks based on social networks increased by 1200 percent.

Misconceptions

MYTH: Small businesses are less vulnerable to web-based attacks.
REALITY: Of the data breaches investigated by the U.S. Secret Service and Verizon Communications’ forensic analysis unit, 63 percent were at companies with 100 employees or fewer. What’s more, because security is becoming tighter than ever at larger firms, small businesses look increasingly tempting to hackers.

MYTH: I/my employees would never fall for a phishing scam.
REALITY: Employees are a company's greatest security risk. The results of a phishing experiment conducted by the firm KnowBe4, which provides web-based Internet security training to businesses, found that employees at 43 percent of companies clicked the link in a simulated phishing email sent from a reputable and trusted server. Even when the email was sent from an unknown and untrusted server, 15 percent of organizations still had one or more employees who clicked.

“The longer term concern is that while many of us think that we are too savvy for online scams, the research demonstrates otherwise.” Richard Clooke, online security expert at PC Tools

Challenges facing SMBs

• Issue complexity
• Lack of time
• Cost constraints
• Lack of expertise
• Opportunity cost


“Many organizations don’t have the tools and in-house expertise to detect these threats, so attacks and security breaches go unnoticed.” Gartner, Inc., Network Security Monitoring Tools for ‘Lean Forward’ Security Programs. February 2011

Safeguards

Tools
• Anti-malware software (updated regularly)
• Firewalls (firewalls create checkpoints between an internal private network and the public Internet)
• Network encryption: protocols include SSL and TLS for web traffic, PGP for email, and IPsec for network layer security

Actions/policies
• Keep your operating system and applications current and patched
• Limit access to your network
• Establish rules/safeguards for remote workers
• Promote awareness of common phishing threats
  - Work-from-home scams
  - Weight-loss claims
  - Lotteries and sweepstakes scams
  - Fake check scams
  - Imposter scams
  - Mystery shopper scams
  - Bogus apartment rentals
  - Miracle cures
  - Debt relief scams
  - Pay-in-advance credit offers
  - Investment schemes
  - The "Nigerian" email scam
• Back up your data regularly

• Don't open any attachments in emails unless you know who sent them and what they are
• Download and install software only from websites you know and trust
• Make sure your browser security setting is high enough to detect unauthorized downloads
• Use a pop-up blocker and don't click on any links within pop-ups
• Wi-Fi security: Change the name and password of your router from the default settings
• Use WPA2 encryption whenever possible

Worth the trouble?

Yes! Improving your security posture will help your business:
• Create a safe working environment for your team
• Prevent pornographic, offensive or hostile materials from being inadvertently distributed through your network
• Reduce risk of costly network infrastructure damage
• Promote workplace productivity (ensure your network is used for business productivity, not as a recreational diversion)
• Reduce liability (prevent employees from using your network to conduct illegal activity)
• Protect employee and business privacy

Interested in learning more about Internet security? Don’t hesitate to contact us!
