Five Places Where Malware Hides
Malware has to live somewhere. And while some Web filtering solutions can detect known malware hosts, most malware hides in sites that are otherwise benign.
In an earlier post last week, I highlighted three quick security tips for small businesses that highlighted some common and easily rectifiable mistakes made by SMBs. I do feel strongly for small businesses, given how they typically lack in IT employees qualified and trained in security matters. Moreover, many of the top security products are designed for the enterprise in mind, and are priced out of a typical SMB’s budget.
Today, I want to offer three more quick security tips that most small businesses should be able to implement quickly and cheaply.
Install endpoint anti-malware protection
Though I wish there were some way to avoid having to install antivirus software, the simple fact is that endpoint anti-malware protection is essential to protecting desktops and laptops. This is especially pertinent for laptops, since they may be taken outside of the corporate network where they are exposed to greater dangers. Moreover, these laptops may also be used to access corporate assets, which mandate some minimal level of protection lest they become an unwitting conduit used by hackers to access the corporate network.
Fortunately, there are many antivirus software options out there, some of which may offer additional protection against data leakage or phishing attempts. Choose one from a relatively reputable vendor that fits your budget.
Protect your email
One of the top vectors for security attacks is through email messages, and they range from malicious attachments to URL links designed to lure users to a specially prepared exploit or phishing website. As such, it makes sense for SMBs to implement some form of malware scanner at the email server to deflect as many attacks as possible.
The availability of cloud-based email security services means that SMBs can obtain such protection at a small monthly cost. Moreover, setting this up usually requires nothing more than a small configuration change with your domain’s MX record. GFI MailEssentials Online is one such service, while businesses using Google Apps can sign on for Google’s Postini Services.
Set up a segregated ‘guest’ network
Advanced authentication schemes such as RADIUS do exist for Wi-Fi, though they are typically beyond the capabilities of small businesses to implement. The result is that most SMBs make do with WPA or WPA2 using a static passcode that is never changed. While this is fine in most cases, it is a “nothing or all” approach to Wi-Fi authentication that can be problematic when partners or guests visit.
A far better solution would be to set up a segregated network with a different SSID name for visitors. When configured to allow only Internet access, it lets SMBs offer hospitality to guests while maintaining the security of the corporate network. And if you’re not already using a business-grade Wi-Fi access point that is capable of more than one SSID, check out “Common Mistakes SMBs Make When Deploying Wi-Fi.”