Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
The FCC published a list of "Ten Cybersecurity Tips for Small Businesses" earlier this year, which you can access here (pdf). In case you haven't seen it, however, I've highlight the 10 pointers below with my take on the various tips and links for further reading.
1. Train employees in security principles
This is hardly a new problem with studies as far back as 2009 exposing the lack of security training in SMBs. The relentless onslaught of phishing and social engineering, though, does mean that the need to train employees in basic security principles has only increased in the intervening years. In this vein, the FCC recommends that businesses establish security practices to protect customer information and their vital data, and to "clearly spell out the penalties" for violating business policies.
The installation of basic anti-malware software is one way of defending against malware. Traditional antivirus software aside, the use of whitelisting software has also gained some traction in recent years. Those new to the concept can read what I've written on the topic in "Whitelisting: A Shift in Approaching Security," where I outline how to only allow verified software to run.
3. Provide firewall security for your Internet connection
This is pretty self-explanatory: Leaving your firewall security enabled offers additional protection against external attacks.
4. Download and install software updates for your operating systems and applications as they become available
I cannot overemphasize the need to regularly install pertinent operating system and applications updates, especially the monthly Patch Tuesday releases from Microsoft. I wrote back in 2009 that "small and medium businesses are far less likely to be paying attention to Patch Tuesdays, as opposed to a full-fledged IT department in the enterprise." I think this is still true today, though, thankfully, there is at least one tool available today to quickly detect missing security updates.
5. Make backup copies of important business data and information
I heartily agree on the importance of backing up important business data, and have written extensively on this topic. One technique of creating a robust backup infrastructure for greater reliability and faster restores would be to build multiple layers of backup. In addition, you may also want to check out "Four Backup Tips to Prevent Data Loss," which was published last week.
6. Control physical access to your computer and network components
While remotely launched cyber attacks tend to grab the headlines, IT departments must be mindful of limiting physical access to computing resources. Network components are especially susceptible to being reset to factory defaults, and unprotected Ethernet ports may also be used to circumvent firewalls. To defend against the latter, branch offices of security-conscious organizations may want to consider something like the HP 2915-8G-PoE network switch.
7. Secure your Wi-Fi networks
The need to properly secure Wi-Fi networks cannot be overemphasized, with criminals known to target unsecure and vulnerable Wi-Fi networks. I've written on some ways to protect a Wi-Fi network, which you can read in "Quick Wi-Fi Security Tips for SMBs."
8. Limit employee access to data and information, and limit authority to install software
On a practical note, the lack of manpower (or know-how) means that not all small businesses are able to limit the ability to install software. I certainly won't recommend that SMBs allow staffers to install applications willy-nilly - completely locking down on this front can be time-consuming and can also result in various degrees of inconvenience.
9. Require individual user accounts for each employee
Requiring that users make use of individual, non-administrative accounts could stymie certain hacking attacks, or limit damage in the event of a successful system break-in.
10. Regularly change passwords
"Passwords that stay the same, will, over time, be shared and become common knowledge to coworkers and can be easily hacked," observed the FCC. Personally, I think the biggest threat when it comes to passwords is their widespread reuse. Hackers usually make a beeline to password databases upon compromising a website. And given that not every business protects these vital files adequately, passwords that are recovered by the bad guys are quickly tried on various Web services - with often devastating effects.
In my opinion, the only way to deter password reuse is to make use of a proper password management tool. You can check out my brief introduction to a trio of them here.