Two Important Security Tips that SMBs Should Practice

Paul Mah

Comparatively lower budgets for security gear and the lack of dedicated personnel to keep an eye out for the latest exploits mean that SMBs need to do what they can to avoid being snared in the web of "gatherers"-script kiddies who make use of hacking tools or malware written by others. In the same vein, a couple of security incidents hit the news recently that I felt perfectly exemplified the importance of a couple of security practices we've talked about in the past.


Using the same passwords for different sites


Corporations and entities have long spent large amounts of engineering resources and money working towards a utopian vision of single sign-on access to everything on the corporate network. The great irony, however, is that it has become increasingly evident that using the same password is an invitation for danger in our hyper-networked world. This point was just demonstrated last weekend when Gawker Media woke up to find that its empire of online sites-built using proprietary code-had been compromised.


Aside from the devastating release of the source code that powers its custom website, the more public slap across the face came as a result of the site's central password database having been compromised in the same infiltration. Some sites are having a field day sieving through the most popular insecure passwords in use ("24682468" and "password" apparently), though users in the habit of recycling the same passwords across more than one site will hardly be amused.


While it is not known if hackers were able to exploit the Gawker database to compromise accounts elsewhere, it makes sense to ensure that the same passwords are not used for different sites.


Keep up with security updates


Do you surf the Web? If so, you will be interested to know that some trickery and sleight-of-hand succeeded briefly in tricking Google's DoubleClick and Microsoft's MSN ads services into serving out obfuscated JavaScript malware. You can read more about the malvertisement here, though the part relevant here would be the vulnerabilities that the perpetrators attempted to exploit. Because novel exploits-also known as zero day attacks-are comparatively hard to find, the attackers attempted to hit at vulnerabilities that were already patched, running the gamut from known flaws in Internet Explorer, Java and Adobe Reader.


As you can imagine, SMBs that have exercised due diligence in updating their software and have installed the latest security patches from Microsoft are unlikely to have been affected. Organizations that have failed to keep up with their security updates, on the other hand, were left dreadfully exposed. And because the malvertisements were essentially served via some of the largest ad networks in the world, infection could have taken place even if users exercised care to not visit suspicious sites.


So what is the key takeaway? Make sure that security updates are deployed sooner, not later.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.