An article in the New York Times outlined the threat that universities in the U.S. face from cyberattacks originating from overseas. In part, the problem appears somewhat tied to the inherent culture of “openness” and relative scarcity of controls on the security front--exactly what you would expect to find in many SMBs out there.
Paul Henry, security and forensic analyst at Lumension, offers a number of suggestions to address these issues. Though written with education institutions in mind, I have outlined some of those pertinent to SMBs together with my take on how they can be applied to small businesses.
Review security policies
Henry suggests reviewing security policies, though he also highlights the importance of adding some “basic security initiatives and basic technical safeguards” in support of these policies.
While updating the SMB security policy to address the proliferation of BYOD devices and enforcing it sounds like a lot of work, it is a necessary step to protect the network and its attached resources from attack by Trojan-infected devices.
Implement training programs
I’ve written about the importance of training users on common security matters as far back as 2010. Like it or not, the increasing prevalence of advanced persistence threat (APT) gained via phishing appears to prove the necessity of training.
Henry also suggests that SMBs send IT staffers for additional technical training. In my opinion, the latter is of particular relevance to SMBs, who are likelier to budget funds for “more pressing needs,” to the detriment of their long-term computer security.
Move away from failed tech
Henry warns SMBs to move away from what he calls “failed tech,” which he identifies as antivirus-based malware scanners and port-centric firewalls. In its place, he suggests that organizations adopt whitelisting technology.
“Whitelisting works in reverse from antivirus software by creating a list of known ‘good’ files in a computer,” I wrote in my introduction to whitelisting. “Executable files not found within the database are flagged as potential threats or even stopped from executing.”
Henry describes the debate about traditional signature-based antivirus and whitelisting in this way:
“We’re facing an aggressive and determined adversary armed only with technology that was outdated a decade or more ago.”
With this in mind, organizations should “look to the next generation of security solutions to mitigate current-generation threats.”
Though whitelisting isn’t a perfect technology, the most egregious hassle of implementing it--having to individually “approve” dozens of obscure library files and executable files with each app installation--has been ironed out long ago. If you are interested, you can also read about the various merits of whitelisting for SMBs by reading my posts “Deploying Whitelisting for Your SMB,” and “Can Whitelisting Replace Traditional Anti-Virus Protection.”