Published February 01, 2013
Small businesses are a prime target for computer hackers and scammers largely because they leave themselves vulnerable. But it doesn’t have to be that way. Keeping systems up-to-date and setting policies for employees are just two of the steps small business owners need to take to ensure they don’t become the next victim of a computer attack.
“These are crimes of opportunity,” says Jason Glassberg, co-founder of Casaba, a security company. “It’s very rare people get attacked for who they are. They get attacked because they have a computer that is vulnerable.”
According to computer security experts, cyber criminals cast a huge net with the goal of ensnaring as many people as possible. They prey on any vulnerabilities in a system, rather than targeting particular victims. Because of that, small business owners can’t afford to be complacent.
“You can’t adopt this attitude of I’m nobody, nobody is going to go after me,” says Glassberg. “If you leave yourself open and unprotected someone is going to go after you.”
One of the main defenses a small business owner can take is making sure all systems are up-to-date. That means having patches installed on a regular basis, making sure all antivirus software has the latest installs and that they are current on all versions of software.
“Whether you are talking about malware, ransomware or Trojans, the majority of stuff spreads not through email but by simply going to the wrong site,” says Michael Gregg, founder and COO of Superior Solutions, a security consulting company. Hackers set up these “exploit kits” that look to see if you are running an out-of-date browser or flash version that can be compromised when you land on these Websites.
While it may be easy for a large company that has a team of employees focused solely on that task, for small businesses it could be tougher to keep up with patching, but it is necessary. Because in a small business everyone wears multiple hats, Gregg says it’s a good idea to automate as much of the patching and updating as possible. These days more and more vendors offer auto patching and auto updating, so a small business owner doesn’t have to worry about systems being stale.
It’s also important for the small business owner to set policies in terms of what Websites employees can and cannot visit. The business owner needs to be realistic and realize that even if a Website is on the “do not visit” list, someone is going to go there anywhere. To protect the computers from getting infected as a result, Dave Aitel, CEO of Immunity, the security penetration and assessment company, says to run ad blockers.
“A lot of the ways people are getting exploited is through online ads,” says Aitel. “You’re employees are going to these sites. It’s the best protection.”
In conjunction with setting policies, the small business owner and its staff have to apply common sense when it comes to opening emails and clicking on links.
“You have to continually inform your user base and remind them to practice caution,” says Gregg. “If it’s an unknown site or strange extension think twice about it.”
To prevent employees from opening infected emails, Gregg says small businesses should use filtering software that will prevent the email from getting to the employee. It’s extremely important since malicious email is getting increasingly sophisticated, easily able to trick even the most cynical. If the company or its employees are unsure about an email attachment, Gregg says they can submit it to Jotti's malware scan which is a free service that will check your attachment for any malware or viruses before you open it.
Once your computers are patched and your employees are aware of the rules, the final defense is simply keeping your wits about yourself when it comes to the computer and Internet. For instance, never give out passwords or credential without making sure there is a legitimate reason, make sure you are visiting the proper Website and ensure you are downloading things from reputable Websites.
“It’s all real basic common sense things but people tend to forget this stuff and go clicking away,” says Glassberg.