the mainstream media has provided extensive coverage of high-profile identity theft scams such as the infamous T.J. Maxx hacker attack that resulted in the theft of more than 40 million credit and debit card numbers, the largest identity theft case ever prosecuted by the U.S. Justice Department. SMBs are even more clueless when it comes to how they think these thefts will be resolved once they've occurred. The survey found that a staggering 63 percent of companies either strongly or somewhat believed that their banks would return all of the funds stolen in these attacks, a sign that most SMBs aren't particularly motivated, or capable, of implementing at least a modicum of security technology and processes to prevent themselves from being swindled. But in Panda's survey, only about 37 percent of victims said they recovered their stolen funds, while 28 percent reported most of their stolen funds were reimbursed. "While online banking security is a general concern among most SMBs, most of them have little knowledge about the specific threats targeting organizations of their size," Panda Security's Sean-Paul Correll said in the report. It's precisely this false sense of deserved recovery that has prompted three states to recently pass legislation
Take Your Information Security Beyond Antivirus Software an Internet.com Small Business eBook. 2010, Internet.com, a division of QuinStreet, Inc.
Lacking IT Resources
They're also operating with fewer resources and less general technology acumen than large companies. SMBs typically have fewer in-house resources and budgets for IT security, placing them at greater risk of
After 2009 became a year of unprecedented proliferation of spyware, malware, and cyber attacks of all types, Kevin Haley, Symantec Security Response group product manager, posted an ironic blog entry titled "Don't Read This Blog" to draw attention to how Internet users have been conditioned to click any compelling link without regard to the possible, and often probable, security consequences of their actions. "We love to click," he wrote. "Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show in a revision of Maslow's Hierarchy of Human Needs any day now, behind love, but certainly ahead of safety," he added. Whether it's a come-on for what appears to be a friendly game of online Monopoly or the incessant and sinister pleadings of a bogus antivirus application, malware scams have become more sophisticated and damaging with each passing day. A report released by the Anti-Phishing Working Group (APWG) found that fake anti-malware and security software programs soared more than 585 percent in the first half of 2009 alone. "Yes, it's a cheap trick and not even close to original," Haley wrote of his creative blog title. "[But] since social
Social engineering's popularity is at least in part spurred on by the fact that which operating system and Web browser a user's computer runs is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine.
3. Rogue Security Software Vendors Escalate Their Efforts
Expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users' computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
4. Social Networking Third-Party Apps Will Be Fraud Targets
With the popularity of social networking sites poised for more unprecedented growth, expect fraud targeted at social site users to grow. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users' social networking account information, just as we have seen attackers take advantage of browser plug-ins more as Web browsers themselves become more secure.
5. Windows 7 Will Come in the Crosshairs of Attackers
If you're not using Windows 7 yet, you probably will soon. And as long as humans are programming computer code, flaws will be introduced, no matter how thorough prerelease testing is. And the more complex the code is, the more likely that undiscovered vulnerabilities exist. Microsoft's new operating system is no exception, and
Most laptops let you set a boot password in the BIOS that will prevent the PC from booting if someone enters the wrong password numerous times. This is not an incredibly robust security deterrent, but it should stop the average person.
Biometric Scanners
An alternative to passwords is biometric security, which includes things like retinal scanners, facial recognition technology, and fingerprint readers. Many laptops are equipped with fingerprint readers, and if yours is so equipped, do yourself a favor and use it. While each of these security measures adds a layer of complexity to your system, they're really only a deterrent for someone with average to moderate technical skills. In fact, with the right skill set, tools, and utilities, these measures can be circumvented pretty easily. That doesn't mean you shouldn't use them. It just means you should understand that these don't make you invulnerable.
Hardware Encryption
The most effective way to protect your data is to encrypt it. On an encrypted drive, the data remains encrypted even if the drive is moved to a different system entirely. Depending on the level of encryption you implement, it would be almost impossible for someone to recover your data without the key used to decipher it. Without question, encryption offers users the best protection against data theft, and I would highly recommend you encrypt your entire hard drive. So how do you do it? Let's take a look at two of the more popular programs available.
BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems. You can use BitLocker to encrypt individual partitions, entire drives, and even USB flash drives. It uses the AES encryption algorithm and takes advantage of the Trusted Platform Module (TPM) found in many of today's laptops. This maximizes security by eliminating the possibility that someone might circumvent the Windows boot process.
If you run a version of Windows that doesn't include BitLocker, you need to use a third-party encryption program. There are many available, but one of the most popular is TrueCrypt, which supports Microsoft Windows (both 32- and 64-bit versions), Mac OS X, and Linux. TrueCrypt supports a total of 11 different algorithms, and can encrypt the boot partition, an entire drive or a USB flash drive. It even has the capability to create and run a hidden encrypted operating system. The user interface is a bit sparse and not overly intuitive, but if you study it a bit you'll figure it out. The TrueCrypt site is also packed with extensive documentation that does a tremendous job explaining just about everything you'll ever need to know about encryption and the encryption process: a Beginner's Tutorial, definitions of each of the algorithms available, the benefits of hidden volumes, erasing signs of the encryption process, and so much more. Best of all, it's free.
The benefits of encryption can't be denied, but it does come at a price. The process of encrypting and decrypting data can be very hardware intensive, particularly on older systems. Should you discover that your PC is running too slowly when using entire drive encryption, try encrypting only a portion of your drive. This should speed things up a bit. The disadvantage to this approach is that sensitive data can accidentally be stored outside the encrypted area. However, using a partially encrypted drive is better than no encryption at all. The other important thing to remember is that once you encrypt your data you cannot access it without the password. If you lose or forget that password, then you might as well consider that data lost. So be responsible with your password.
Remember, you have all the tools you need to secure your laptop, so use them. No one thinks it will happen to them, but as the statistics show, it's not just possible, it's probable. Should that day come, your loss will never lead to anything more than the cost of the laptop itself.
2. Use a VPN
Connecting to the Internet from a business center, Internet café or airport hotspot presents a serious security risk, as these are environments where it is relatively easy to intercept your data. A VPN encrypts all data before it leaves your laptop, and keeps it encrypted until it reaches a trusted environment such as your home or office network. You can try the free OpenVPN. Other easy-to-use options include paid-for services like HotSpotVPN, which uses OpenVPN, or remote access services like GoToMyPC or LogMeIn, both of which use data encryption to connect your laptop back to a trusted office or home network.
3. Update and Patch Your Software
Most operating systems allow you to download and patch your system automatically, so it's wise to ensure that this option is enabled to prevent it being vulnerable to known exploits. You can check for updates to common Windows applications using Secunia's online software inspector.
4. Run a Firewall and Anti-Virus Software
There is some debate about how necessary anti-virus software is on Macintosh and Linux laptops, but it is wise to err on the side of caution. At the very least you should ensure a firewall is running. ClamWin is a free anti-virus application for Windows. Alternatively, use a portable security device such as the