This handout was provided as part of our ongoing monthly webinar series on various issues affecting small businesses. This document is a summary of data and Internet security challenges and definitions that can affect small businesses. Please contact us at Frontier.com/Security with any questions.
2. Intro
• Each cyber attack costs small and
medium sized businesses an
average of nearly $200,000 per
incident
• 80 percent of small businesses
that experience a data breach go
bankrupt or suffer severe
financial losses
• Our webinar is here to educate
you and provide some helpful
hints on how to protect your
business from internet security
issues
2
3. Firewalls
• Symantec recorded nearly 60 million attempts by
hackers to gain unauthorized entry into business
and home computers in a single 24-hour period
• The first way to prevent this is to have a firewall
• A firewall acts as a barriers between one
network and another. It prevents unauthorized
inbound and outbound traffic. On a small
business network, a firewall will separate the
local private network from the Internet. A
firewall will inspect the information trying to
come through and will determine if it is
legitimate. A firewall can hide your personal
network protecting it from unknown intruders.
• Make sure to protect other servers that are
connected to your network for special functions,
such as sharing a printer, store files, or deliver Web
pages. If it is connected to the Internet, it is a risk
and needs a server.
3
4. Common Security Threats
Spam
Spam, or unsolicited commercial e-mail
messages, wastes bandwidth and time. The
sheer volume of it can be overwhelming,
and it can be a vehicle for viruses. Much of
it is of an explicit sexual nature, which in
some cases can create an uncomfortable
work environment and, potentially, legal
liabilities if companies do not take steps to
stop it
4
5. Common Security Threats
Spoofing
IP Spoofing - creating packets that look as though
they have come from a different IP address. This
technique is used primarily in one-way attacks (such as
denial of service attacks). If packets appear to come
from a computer on the local network, it is possible for
them to pass through firewall security. IP spoofing
attacks are difficult to detect and require the skill and
means to monitor and analyze data packets
E-mail Spoofing - forging an e-mail message so that
the From address does not indicate the true address of
the sender. They may ask you to log in and update your
info or submit your billing information
5
6. Common Security Threats
Phishing
Phishing is becoming more and more prominent
for hackers and organized crime. Typically, an
attacker sends an e-mail message that looks very
much like it comes from an official source (such
as a bank or a website you shop at)
Links in the message take you to a fake website
that also looks like a real page. The goal of the http://www.antiphishing.org/images/h2_2011_phishing_reports_chart.jpg
scam is to trick you into giving away personal
information so that the hackers can steal your
account information or even your identity
The victims of these scams are the users who may
give up personal and confidential information, but
also the spoofed business’ brand and reputation
that were used to gain the customer’s trust
6
7. Common Security Threats
Viruses
Viruses are programs designed to
replicate themselves and
potentially cause harmful actions
and infect other programs on your
computer
They are often hidden inside
harmless programs. Viruses in e-
mail messages often masquerade
as games or pictures and use
beguiling subjects to encourage
users to open and run them
7
8. Common Security Threats
Worms
Worms also replicate themselves, but they are
often able to do so by sending out e-mail
messages themselves rather than simply
infecting programs on a single computer.
They can break into computers without
human assistance or knowledge
Trojan Horses
Trojan horses are malicious programs that
pretend to be benign applications. They don’t
replicate like viruses and worms but can still
cause considerable harm. Often, viruses or
worms are smuggled inside a Trojan horse
8
9. Common Security Threats
Spyware
Spyware refers to small, hidden
programs that run on your computer
and are used for everything from
tracking your online activities to
allowing intruders to monitor and
access your computer.
You can become the target of
spyware if you download music from
file-sharing programs such as
limewire, free games and movies
from sites you don’t trust, or other
software from unknown sources.
9
10. Common Security Threats
Tampering
Tampering consists of altering the
contents of packets as they travel over
the Internet or altering data on computer
disks after a network has been
penetrated. For example, an attacker may
try to change the data in your files as it
leaves your network
Repudiation
Repudiation refers to a user’s ability to
falsely deny having performed an action
that other parties cannot disprove. For
example, a user who deleted a file can
successfully deny doing so if no
mechanism (such as audit records) can
prove otherwise
10
11. Common Security Threats
Information Disclosure Denial of Service
Information disclosure consists of DoS attacks are computerized
the exposure of information to assaults launched by an attacker in
individuals who normally would not an attempt to overload or halt a
have access to it network service, such as a Web
For example, a user on your network server or a file server
might make certain files accessible For example, an attack may cause a
over the network that should not be server to become so busy attempting
shared. Employees also tend to to respond that it ignores legitimate
share important information, such requests for connections
as passwords, with people who
should not have them
11
12. Common Security Threats
Elevation of Privilege Pirated Software
Elevation of privilege is a process by In the United States, an 19% (http://
which a user misleads a system into portal.bsa.org/globalpiracy2011/) of
granting unauthorized rights, usually software is counterfeit. While the low
for the purpose of compromising or prices of counterfeit software can be
destroying the system attractive, such software comes with a
potentially much higher price:
For example, an attacker might log Counterfeit software can contain bugs
on to a network by using a guest and viruses and is illegal
account, then exploit a weakness in
the software that lets the attacker
change the guest privileges to
administrative privileges
12
13. Conclusion
• Most attackers use the processing power of computers as their weapon
• They might use a virus to spread a DoS program to thousands of
computers. They might use a password-guessing program to try every
word in the dictionary as a password
– Of course, the first passwords they check are “password,” “letmein,”
“opensesame,” and a password that is the same as the username.
• Attackers have programs that randomly probe every IP address on the
Internet looking for unprotected systems and, when they find one, have
port scanners to see whether any ports are open for attack
– If these attackers find an open port, they have a library of known
vulnerabilities they can use to try to gain access. For more
deliberate attacks, such as industrial espionage, a combination of
technology and social engineering is most effective.
• (Ex. Inducing members of your staff to reveal confidential
information, rifling through trash in search of revealing
information, or simply looking for passwords written on notes
by monitors)
13
14. Tips to Protect Your Small Business from
Cyber-Attacks
• Never click on Hyperlinks within emails, instead, copy and
paste them into your browser
• Use SPAM Filter Software
• Use Anti-Virus Software
• Use a Personal Firewall
• Keep Software Updated (operating systems and web
browsers)
• Always look for "https://" and padlock on web sites that
require personal information
• Keep your computer clean from Spyware
• Educate Yourself of fraudulent activity on the Internet
• Check & monitor your credit report
http://www.fraudwatchinternational.com/phishing/individual_alert.php?fa_no=240305&mode=alert
14
15. Social Media Security Tips for Small
Businesses
• There are long-term marketing benefits of social media, but there are also
security issues that come with it. Here are some tips for your small business
below.
• #1 Implement policies. Social media is a great platform for connecting with
existing and potential clients. However, without some type of policy in place
that regulates employee access and guidelines for appropriate behavior,
social media may eventually be completely banned from every corporate
network. Teach effective use by provide training on proper use and
especially what not do too.
• #2 Encourage URL decoding. Before clicking on shortened URLs, find out
where they lead by pasting them into a URL lengthening service like a tiny
URL decoder.
• #3 Limit social networks. Through secondary research about social media
security, 300-400 operable social networks serving numerous uses from
music to movies, from friending to fornicating have been found. Some are
more or less appropriate and others even less secure.
15
16. Social Media Security Tips for Small
Businesses
• #4 Train IT personnel. Effective policies begin from the top down. Those
responsible for managing technology need to be fully up to speed with
social media security risks.
• #5 Maintain updated security. Whether hardware or software, anti-virus or
critical security patches, make sure your business network is up to date.
• #6 Lock down settings. Most social networks have privacy settings that
need to be administered to the highest level. Default settings generally
leave the networks wide open for attack.
• #7 Companies who eliminate access to social media open themselves up to
other business security issues. Employees who are bent on getting access,
often skirt security making the network vulnerable.
Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox
News. Disclosures
http://www.infosecisland.com/blogview/20943-Social-Media-Security-Tips-for-Small-Business.html
16
17. Frontier Secure Tips
• Passwords: Don’t choose a common password such as “123456.” Make
your password personal, such as the name of your favorite sports team plus
your favorite number, or your favorite teacher
• Information: Share as little personal information as possible. That might be
difficult since you do just that on Facebook or Twitter, but do not include
any financial information, your birthday, address, e-mail address, phone
number, etc
• Limit: The more social networks you join, the greater your chances of being
hacked. Limit your social networking sites to two or three at most. Stick to
popular networks such as Twitter and Facebook because they are more
credible and have stricter safety standards
• Security: Make sure your computer has the latest security software so it’s
protected against attack from social media hackers, viruses, spyware and
other Internet threats
17
18. Frontier Secure Tips
• Safety: Update the privacy settings on your social networking pages. Limit
the friends and followers who see your content. For example, on Facebook
you can control where your posts go by customizing the “Settings” icon of
your profile page. On Twitter, you can request notification when someone
new is following you
• Know your source: Never click on a link from someone you don’t know.
Remember that even your friends can have a computer virus that blasts to
all their contacts without their knowledge
• Look out for “Deals”: Many of us take advantage of various discount
opportunities, but even these links may have viruses. Be sure you’re
opening a safe link even if the business is credible
• Search term mix ups: A harmless Internet search can bring up websites
laced with viruses. Be extra careful about what you type in a search engine
18
21. Sources
• Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on
Fox News. Disclosures http://www.infosecisland.com/blogview/20943-Social-Media-Security-Tips-for-Small-
Business.html
• http://www.fraudwatchinternational.com/phishing/individual_alert.php?fa_no=240305&mode=alert
• http://portal.bsa.org/globalpiracy2011/
• http://www.smallbusinesscomputing.com/webmaster/article.php/10732_3908811_2/15-Data-Security-Tips-to-Protect-
Your-Small-Business.htm
• http://www.smallbusinesscomputing.com/biztools/article.php/10730_3930231_2/10-Top-Small-Business-Security-
Tools.htm
F-Secure rated #2 overall best security product from independent testing by AV-Test (full article)
21