Wed 04 March 2015
Modern hackers generally try to exploit and attack computer systems that are not updated or patched, this does not count the thousands of script-kiddies that run the scripts created by the developer-hackers or the attacks reported to come from funded organisations be that crime organisations or government organisations.
In the past hackers where through to only concentrate on the big business, most will probably remember what happened when sony was attacked! and more recent the issue with lenovo and smart fish incident. These big hacks are making big news and highlights security issues and cybercrime to the general public. Most of the big companies employee staff to watch their network and to react to a security threat, some dont take it as serious and these tend to be the organisations that get hit.
However, there is a reported trend for hacking focus to shift to smaller companies.
Standard Virus protection these days runs out to about 20-100 euros depending on supplier and brand. Unfortunalty, security researchers have claimed that AntiVirus protection alone in some cases is only roughly 20% effective at protecting a computer from modern day hacking methods.
Security can be a huge investment for anybody to do correctly and safely, many smaller companies do not have the resources to secure themselves and their business from these types of attacks and makes them easy prey. Its bad enough if you have your website attached and defamed what if your an online merchant https://www.pcisecuritystandards.org/smb/ shows a list of things that a small business should be aware of its a mine field.
Symantec, said in 2012 that small business attacks were up by 30%, and mobile attacks where up 58% and these figure continues to grow day by day.
Security specialists claim that the highest percentage of discovered attacks are via web browsing activities and email. In fact these two tools are the mainstay for most businesses and if they are not protected you are really asking for trouble.
The basics of security for any small company is fairly simple first make sure you have a firewall in place and configured correctly to block all incoming traffic except to public services, it is generally my preferred way to block all outgoing ports except the ones you need open as well to block Denial of service attacks.
It is imperative that you have a modern continually updated virus protection solution for all computers connected to your network, even if you are using linux or Mac its best not to skimp here. Second is a well known malware detection and removal product also dont skimp here, most malware is in fact just annoying like in adware and such causing pop ups and the like some are not however and can lead to major problems remember lenovo, this is the worst kind confidential data leaking to the public domain….. The next line of defence is web filtering, not so you can monitor your staff but that the websites know to host hacking software are blocked before you lose valuable data.
Once all this basic system is running you must keep on top of it updating the software regularly and checking the logs daily to make sure nothing goes un-noticed!. Go out and employee somebody to do this or get a reliable managed services provider that can take care of this.
If you go for an onsite employee, figure roughly anything between 45,000 - 110,000 euros per year for a IT Security expert in house. Add to this about 80-150 euros for the anti virus and malware software for each PC and server on your network. Web-filtering/Email spam filtering can be done on site but normally this is provided by a third party cloud supplier this is going to be in the region of 15 to 20 euros per user protected
And if you have done this you can feel reasonably safe performing your day to day work.
The other option is a managed service provider for a monthly fee will take care of all of this for you and provide you a daily/weekly/monthly report of the status of your network and PCs without the need to pay fixed staff costs.
Good luck and stay safe..