Six Tips for Surviving a Cyber Security Threat
You can lower your risk by slimming down what online security pros call your "attack surface." And that means going beyond simply installing anti-virus software.
Don't assume partners have your back. If you depend on outside sources for technical firepower--outsourced services, cloud solutions and the like--come at it with eyes wide open. "Many business owners think their web hosting provider is taking care of the security of their website," says Neil Daswani, co-founder and chief technology officer of security firm Dasient. "Not so. At the low monthly fees at which many hosting services are made available, the web hosting provider does not scan the websites for vulnerabilities or malware."
Serve up a safe site. Often malware distributed online is spread through legit websites. Criminals scan the internet for vulnerabilities in web applications and install bits of inconspicuous code into the site's server that infect users when they visit that site. Unfortunately, small-business sites are favored for such sneak attacks. "Those things are typically caused by small businesses not having the software on the server patched and up-to-date," says Chester Wisniewski, senior security advisor at security firm Sophos. Crooks also infiltrate third-party advertising companies, infecting code or setting up shell companies to dupe businesses into placing "malvertising" on their sites. According to Dasient, in the last quarter of 2010, 3 million malvertising impressions were served to consumers each day.
Lower your app profile. PCs from big box retailers come junked up with superfluous free apps, and the situation worsens with add-ons, plug-ins and shareware. More apps mean more avenues for hackers to attack. Wisniewski's advice: "Get rid of any software you don't need." Then, ensure remaining systems are patched and up-to-date. Michael Sutton, vice president of security research for cloud security provider Zscaler, says, "Look at browser plug-ins such as Java and Adobe Reader. These are the top two outdated components that are targeted by attackers."
Buy a "banking machine." The same protections the banking industry extends to consumer victims of identity theft are not necessarily extended to businesses. Because your liability is so much higher, it makes sense to dedicate a super-protected netbook or PC solely for online banking tasks.
Encrypt data. If you adhere to step one, assume data sent to cloud storage providers and the like is at risk. If there is sensitive customer information included in that mix, "Make sure that important data is backed up and encrypted," Daswani says. "Cloud-based backup services are likely to keep several copies of your data at multiple data centers and will generally be much more reliable and fault-tolerant than keeping a copy of data on a second hard drive in the same location as your original drive."
Think before you click. A lot of security comes down to common sense. Be vigilant about the links you're clicking through Facebook, e-mail and even search results. Kevin Haley, director of Symantec Security Technology and Response, puts it simply: "If something seems suspicious, don't click on it."