Tuesday, May 25, 2010

Virus Defense for Small Business

I still remember clearly the morning the first virus got through. It was a pain, having to hit every machine and eradicate the infection, but it was also an alarm that our network security posture had to improve immediately. That particular virus had a payload which deleted pictures, and at the time the company I was working for used pictures heavily on the sales side to help with quotes. The viruses that attack now are much more malicious, and are intended to gather information, take over your PC or network, and send information back to the source. I have tracked some attacks to former Eastern Bloc countries, but many times there are computers relaying information and instructions, so it can appear as if the attack is a mile away.
The threat has evolved, and if you have not taken this into account when looking at your small business, then disaster awaits. Not IF, but WHEN, and usually quite soon. Back when I had Comcast, I decided to hook a PC straight to the internet, without a firewall, just to see what happened. Within 10 minutes the PC was rendered unusable. I also watched, while it still worked, the probing of the machine and was amazed at how many different sources were attacking. Automated programs use lists of IP addresses for Comcast and relentlessly try passwords, ports, and various techniques to gain entry. If your machine gets infected, sometimes the only thing it does is run those same automated programs and spread the infection further; your PC or server has just become a 'zombie.' As far as you can tell, your laptop just seems to run slower.

Basic defense against this type of attack is simple, and very cost-effective.
1. Implement a firewall solution. Get a good firewall that does intrusion prevention (IPS) right at the edge. This allows most attacks to be stopped before they take root. Some large companies use layers of firewalls and other techniques so that traffic is filtered several times, both entering and leaving the enterprise.
2. Implement a good anti-virus solution on every machine in your enterprise, and make sure updates are applied regularly. Automate as much of this process as possible so that you don't have to remember to update. Many threats can be stopped before they affect you just by having up-to-date virus signatures.
3. Keep current with Microsoft patches, and with patches for your other applications. Viruses and malware often exploit vulnerabilities in code, and software manufacturers are constantly updating their programs. There are methods of automating this for any business, and this process should be a regular, scheduled one.
4. If your company has the resources, then an Intrusion Detection System (IDS) is also something to consider. These systems watch for threats to show up, or for activity that indicates a breach has already happened.
5. Educate your employees. If someone calls on the phone looking for the IT department and asks a ton of questions about your infrastructure, make sure your staff don't freely give out all of that information. Make sure your employees don't use their business email as their sole email for everything personal and private, and that they don't click on everything in their inbox. (People still do it!) This training needs to happen in a formalized setting, be part of the policy handbook and new employee training, and be reiterated on a regular basis. Many, many times the virus gets in because of user error.
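Items 2 and 3 above only work if someone actually checks that every machine is current, and that check is the part small shops tend to skip. The following is an added example, not code from the original post or from any product it mentions: a small Python audit that reads a constructed inventory (made-up hostnames and dates, as a patch-management or anti-virus console export might provide them) and flags machines whose signatures or OS patches are older than a chosen threshold, or whose local firewall is off. The thresholds, field names and records are all assumptions; the idea is that a script like this runs on a schedule and emails the list, so stale machines surface automatically instead of being discovered during the next infection.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (hypothetical hosts and dates), one record per
# machine. In practice this would come from your AV or patch console's export.
INVENTORY = [
    {"host": "sales-01",   "last_signature_update": "2010-05-24", "last_os_patch": "2010-05-12", "firewall_enabled": True},
    {"host": "sales-02",   "last_signature_update": "2010-05-10", "last_os_patch": "2010-05-12", "firewall_enabled": True},
    {"host": "front-desk", "last_signature_update": "2010-05-24", "last_os_patch": "2010-03-01", "firewall_enabled": False},
    {"host": "file-srv",   "last_signature_update": "2010-05-25", "last_os_patch": "2010-05-20", "firewall_enabled": True},
]

# Assumed policy thresholds: signatures should refresh daily (allow a weekend),
# OS patches should land within the monthly patch cycle.
MAX_SIGNATURE_AGE = timedelta(days=2)
MAX_PATCH_AGE = timedelta(days=30)


def _age(date_text, now):
    """Return how long ago an ISO date (YYYY-MM-DD) was, relative to 'now'."""
    return now - datetime.strptime(date_text, "%Y-%m-%d")


def audit_host(record, now):
    """Return a list of human-readable reasons this machine fails policy (empty if it passes)."""
    reasons = []
    sig_age = _age(record["last_signature_update"], now)
    if sig_age > MAX_SIGNATURE_AGE:
        reasons.append(f"virus signatures {sig_age.days} days old")
    patch_age = _age(record["last_os_patch"], now)
    if patch_age > MAX_PATCH_AGE:
        reasons.append(f"OS patches {patch_age.days} days old")
    if not record["firewall_enabled"]:
        reasons.append("host firewall disabled")
    return reasons


def find_stale_hosts(inventory, now):
    """Map hostname -> reasons for every machine that fails at least one check."""
    findings = {}
    for record in inventory:
        reasons = audit_host(record, now)
        if reasons:
            findings[record["host"]] = reasons
    return findings


if __name__ == "__main__":
    # Fixed 'now' so the constructed data gives a repeatable report.
    report = find_stale_hosts(INVENTORY, datetime(2010, 5, 25))
    for host, reasons in sorted(report.items()):
        print(f"{host}: {'; '.join(reasons)}")
```

Run against the sample data on 2010-05-25, it reports sales-02 for stale signatures and front-desk for both an old patch level and a disabled firewall; the two machines that meet policy are not mentioned at all, which keeps the daily report short enough that someone will actually read it.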

The cost of the IT department running around fixing the problems on every machine was just one part of that original infection. There was also the lost data and the time it took sales to replicate their efforts, putting quotes together from memory or hand drawings alone. Now the threat can sneak in and take all of your customer information, credit card numbers, or any of the other 100 or so proprietary types of data that you safeguard, and use that information in ways it was never intended. Once you have been breached and this information is leaked, permanent damage to your business is certain. Your customers trust you, and aside from all the other civil and criminal ramifications of a breach, if their information is exposed that trust will never come back. Many big-name companies are no longer in existence after such a scandal, because their customers took their business elsewhere.
