Network Security and the Small Business

Transcription

1 Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises, but it is important to know that smaller enterprises are becoming easy targets for security attacks as larger companies are making more attempts to secure their networks. Today small businesses are becoming more dependent on internet and network technology for their daily business operations. As internet is becoming an indispensable tool for conducting business for smaller companies, networks of companies are becoming increasingly vulnerable to internal and external security threats such as viruses, worms etc. Networks and customer databases are critical elements for smaller companies and must be protected from these threats. A few days network downtime and lost critical customer data due to a security attack can disrupt firms productivity and can seriously damage its business credibility. Your Network is Vulnerable to Security Attacks Today internet has become an indispensable business tool for all small businesses and many of small businesses have their own networks. While internet connectivity is essential for growth of your small business but with increased use of the internet in all business activities, networks are becoming more and more vulnerable to security attacks. Most security attacks are not aimed at any specific company or network. The SANS Internet Storm Center 2 publishes data reporting average time, an unprotected computer can stay connected to internet. It reported that unprotected computer that is connected to the Internet, can become About is an IT solutions and services company that specialise in finding ways to make technology work better for your business. We work very hard to ensure that the IT systems will keep your business operating smoothly every day. infected in just 23 minutes. Many small businesses think that they are less likely targets for security attacks as compared to large enterprises, but it is important to know that smaller enterprises are becoming easy targets for security attacks as larger companies are making more attempts to secure their networks. Network Security and the Small Business 1

2 They have full fledged IT departments at their disposal but small businesses cannot afford permanent IT staff. According to Internet Security Alliance 1, attacks on information systems operated by small and mid-sized companies Information security threats are evolving constantly like any other technology as hackers are developing new and sophisticated methods of intrusion. The security threats mainly come from internal and external sources. are growing rapidly. One survey showed that one out of every three small businesses was affected by MyDoom virus while only one out of six large enterprises was affected by the same virus. A single and the smallest security breach can prove fatal for a small business. For example, a few days downtime and lost critical customer data due to a security attack can disrupt firms productivity and can seriously damage its business credibility. Major Security Threats to Small Business Network Information security threats are evolving constantly like any other technology as hackers are developing new and sophisticated methods of intrusion. The security threats mainly come from internal and external sources. External Security Threats These threats make a start from outside sources. The following are main external threats: Viruses & Worms: A computer virus is computer program that can replicates itself many times and it spreads from one host computer to other computers connected to it. A virus can corrupt or delete data on the computer or can even damage operating system of the computer. It can spread itself by different means i.e. through e mail attachments; instant messaging messages and through downloads from internet. A computer worm spread itself without a host program and is self sustained. Trojan Horses: A Trojan horse is a program that presents itself as a useful computer program but actually it is malicious program that causes damage to the computer and allows an unauthorized remote user to gain access to the system. Spam: The spam is unsolicited commercial messages. Spam messages may appear in different forms like it may offer to sell something or it may be designed to take so much network bandwidth that it can cause it to slow down. Spam wastes bandwidth and time. Network Security and the Small Business 2

3 Phishing: It refers to spam e mail messages to steal sensitive information like account information, credit card numbers etc. A phishing e mail commonly supplies a link of websites like PayPal or ebay to click on, where it demands to re-enter credit card number, password etc. But the sites are not authentic sites although they look like so. Spyware: It is malicious, hidden program that collects and sends users personal data like internet surfing habits, online activities of user etc. to spyware creators. It can also interfere in other ways like installing additional software, changing computer settings etc. DoS (Denial of Service) Attacks: DoS attacks are assaults to overload or halt a network service such as a Web server or a file server. An intruder overloads the network by flooding it with fake requests by employees, customers etc. Server becomes so busy that it is unable to handle legitimate requests for connection by the actual employees. The aim of this attack is to make the network unavailable for normal business activities. Internal Security Threats: These threats are caused by people within the company. These may arise from human error like poor password protection, failure to update antivirus software or improper and careless file downloading by company employees or may come from a malicious insider or a disgruntled employee of company. The Economic Impact of Network Attacks on Small Business Network security breaches can have many tangible and intangible impacts on a small business. Research firm Computer Economics has reported that organizations face three types of economic impact as a result of hacks or intrusions. 1 Internet security Alliance, Common Sense Guide to Cyber Security for Small Businesses 2 Internet Storm Center, Are you being harassed or stalked online? Network Security and the Small Business 3

4 The immediate economic impacts include costs of repairing or replacing the damaged system, disruption of business operations and delays in transactions and cash flow. Short term economic impacts include loss of contractual relationships or existing customers due to company s inability to deliver products, negative impact on the reputation of an organization and hindrance to the development of new business. Long-term economic impacts are decline in market valuation and stock prices and reduced goodwill standing. Findings of Computer Economics has also shown that in smaller companies, major economic impact of malicious attacks is lost revenue which accounts for about 50 percent of the economic impact. The cost of cleaning, repairing and restoring computers and networks represents about 20 percent of the economic impact in smaller companies as compared to eight percent in larger companies. The loss of productivity represents about 30 percent in smaller companies and 12 percent in larger companies. ROI for Security Spending Annual ROI for security spending for small business ranged between $6,282 (for companies with 25 devices attached to computers) and $23,873 (with 100 devices attached to computers) in low intensity e-business environment and between $56,738 and $196,020 for high intensity e-business organizations. Conclusions and Recommendations As smaller firms are becoming more dependent on internet for conducting their business, they are becoming increasingly vulnerable to damaging security attacks. Whether company is vulnerable to computer viruses and worms, denial-of-service (DoS) attacks, malicious employees or human error, all these threats are large enough for a small business to devastate its credibility and customer base. So securing information systems is critical for any small business as network security breaches directly impact a company s bottom line. Network Security and the Small Business 4

5 Recommendations: You can take following basic steps to protect your network and critical business data: You must have antivirus software and anti spyware software installed on all of your computers. Antivirus software scans your databases and e mail messages to prevent infections of viruses. Anti spyware protects your network form malicious programs. But as new threats are constantly being developed Anti spyware protects your network form malicious programs. But as new threats are constantly being developed by hackers, so you must update your antivirus and anti spyware software regularly so that it can detect and prevent all the new threats. by hackers, so you must update your antivirus and anti spyware software regularly so that it can detect and prevent all the new threats. Set up a firewall to monitor flow of traffic and to control unwanted access to your network or computers. Protect your sensitive documents with passwords. Do not use passwords that are easy to guess. You must change passwords regularly. Use the internet safely and download programs from trusted websites only. About Building 2, 10 Duerdin Street, Clayton VIC 3168 AUSTRALIA Phone: (03) [email protected] Web: Network Security and the Small Business 5