Keeping your small business secure in 2009

January 19th, 2009

Many corporate networks have failed to apply important Microsoft Windows security patches, and over 10 million PCs are now infected with the Downadup worm, a number that is growing rapidly. The resulting botnet is a potential threat to Internet stability and security.

It is always less expensive and less time-consuming to prepare for security threats than to address them after a breach. There are several practices I recommend for small businesses to remain vigilant against any virus or spyware security threat:

#1 Remember that anti-virus software is not going to prevent infection, only perhaps mitigate it, and act accordingly. Assess your business’ risk of data exposure (or loss) from a virus or worm. Make sure you have a security plan in place or in development.

More info: http://www.uschamber.com/sb/security/default

#2 Be careful which websites you visit (especially in IE). Even with the latest security patches installed, hackers may know of vulnerabilities that are unpatched or have not been publicly disclosed. With this information they can craft custom web pages that hijack computers, read specific (sensitive) information or plant destructive software that can erase or crash a machine.

More info: http://www.cert.org/tech_tips/securing_browser/

#3 Exercise caution with e-mails, especially if they have attachments or weblinks. These e-mails, even if from a seemingly trusted source, must be verified. Examine the header information and make sure it looks legitimate.

More info: http://www.uic.edu/depts/accc/newsletter/adn29/headers.html

#4 Don’t use flash drives if you can’t verify they are virus-free. Many virus writers are aware of the ubiquitous nature of portable media and have developed viruses that exploit Windows’ autorun function to execute their malicious code.

More info: http://www.mydigitallife.info/2007/03/16/virus-infections-via-usb-drive/

#5 Keep your anti-virus software up to date. Use the latest version with the latest engine and definitions to ensure that the best algorithms and signatures are being used to mitigate threats against your machine. If your anti-virus software fails repeatedly, don’t be afraid to replace it.

More info: http://www.zdnet.com.au/blogs/securifythis/print.htm?TYPE=story&AT=139264249-139033343t-110000152c

#6 Consider using secondary and tertiary security software such as Malwarebytes Anti-Malware (http://www.malwarebytes.org/) and SpyBot Search & Destroy (http://www.safer-networking.org/en/index.html) to scan your system for threats weekly.

#7 If Windows can be avoided, then use other operating systems such as FreeBSD, Linux or Mac OS X on workstations and servers to mitigate security risks.

More info: http://www.kernelthread.com/publications/security/uw.html

#8 Use a firewall to secure your network and your PC. Without a firewall you may expose your network and PCs to Internet security threats that could otherwise be mitigated or prevented.

More info: http://en.wikipedia.org/wiki/Firewall_(networking)

#9 Keep your system patched and up to date. Actively maintained operating systems are treated as living software: when there is a critical bug or vulnerability, programmers will address the problem and release a patch.

More info: http://www.cert.org/homeusers/HomeComputerSecurity/#2
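For tip #3, one way to automate a first look at e-mail headers, as an added example that is not from the original post. The sample message, its addresses and the function names are constructed for illustration; the checks compare the visible From domain with Return-Path and Reply-To and read the Received-SPF result if the receiving server recorded one.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real e-mail): the visible sender claims to
# be a bank, but the envelope sender and the reply address point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.smallbiz.example with ESMTP; Mon, 19 Jan 2009 09:12:01 -0500
Received-SPF: fail (smallbiz.example: domain of bank.example does not designate 203.0.113.7)
From: "Your Bank" <support@bank.example>
Reply-To: <accounts@freemail.example>
To: owner@smallbiz.example
Subject: Urgent: verify your account

Please open the attached form.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()

def header_warnings(raw):
    """List reasons the headers of a raw message deserve a closer look."""
    msg = message_from_string(raw)
    sender = domain(msg["From"])
    if not sender:
        return ["From header has no usable address"]
    warnings = []
    # Replies and bounces going to a different domain than the visible sender.
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != sender:
            warnings.append(f"{name} domain {other} differs from From domain {sender}")
    # First word of Received-SPF is the verdict added by the receiving server.
    spf = (msg["Received-SPF"] or "").split(" ", 1)[0].lower()
    if spf in ("fail", "softfail"):
        warnings.append(f"Received-SPF result is {spf}")
    return warnings

if __name__ == "__main__":
    for warning in header_warnings(SAMPLE):
        print("WARNING:", warning)
```

A warning is a reason to verify the message with the sender through another channel, not proof of forgery: legitimate mailing services often use a Return-Path on their own domain.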

If you’re in doubt or just need an expert, then consider hiring my company, Envescent, to help secure your small business.
