Businesses face many and varied threats to their computer network and small companies are often the most vulnerable as they do not have the staffing or financial resources to monitor such activities.
From email viruses to malware and insider fraud, small business owners need to be aware of what the main threats are as failing to ensure their system remains operational could be fatal in the current climate.
Network security provider WatchGuard Technologies has identified the top 10 threats for which small business owners must watch out:
10) Insiders
In many small firms, business records and customer
information is often entrusted to a single person. Without adequate checks and
balances, including network system logs and automated reports, data loss from
within can stretch over long periods of time.
9) Lack of contingency plans
One of the biggest threats to small firms relates to the
business impact of post-hack, intrusion or virus. Many firms lack a data
loss response policy or disaster recovery plan, leaving their business slow to
recover and restart operations.
8) Unchanged factory defaults
Hackers publish and maintain exhaustive lists of default
logins (user name and password) to nearly every networked device and can easily
take control of network resources if the default factory configuration settings
are not changed.
7) The unsecured home
In many small businesses, employees often take laptops home
to work. In an unsecured home network environment, a business laptop can be
dangerously exposed to viruses, attacks and malware applications.
6) Reckless use of public networks
A common ruse by attackers is to put up an unsecured wireless
access point labelled "Free public WiFi" and simply wait for a connection-starved
road warrior to connect. With a packet sniffer enabled, an attacker
stealthily sees everything the employee types, and is then able to utilize that
data for personal gain.
5) Loss of portable devices
Much small business data is compromised every year due to
lost laptops, misplaced mobile devices and left behind USB sticks. Although
encryption of mobile device data and use of strong passwords would mitigate
many of these losses, many users simply fail to secure their mobile devices and
data.
4) Compromised web servers
Many small firms host their own websites without adequate
protection, leaving their business networks exposed to SQL injections and
botnet attacks.
3) Reckless web-surfing
Now more than ever, malware, spyware, keyloggers and
spambots reside in innocuous-looking websites. Employees who venture into
ostensibly safe sites may be unknowingly exposing their business networks to
extreme threats.
2) Malicious HTML email
No longer are attackers sending emails with malicious
attachments. Today, the threat is hidden in HTML email messages that
include links to malicious, booby-trapped sites. A wrong click can easily
lead to a drive by download.
1) Unpatched vulnerabilities open to known
exploits
More than 90% of automated attacks try to leverage known
vulnerabilities. Although patches are issued regularly, a short-staffed small
firm may likely fail to install the latest application updates and patches to
their systems, leaving them vulnerable to an otherwise easily stopped attack.