FEATURE

Small business security

by Ed Dawson  on May 1, 2007
Tags: IT | Security
Malware
Malware is a blanket term for all forms of malicious software that can compromise a computer. It covers viruses, trojans, spyware, worms and rootkits, which are also grouped under the term crimeware: anything designed to fool the user, take control of their computer, steal information or (less commonly) destroy data. Malware is the primary reason that virus-scanning, spyware-scanning and firewall software packages are a cornerstone of the software business today.

A good package will scan incoming email and its attachments, monitor your network ports for unusual activity, and catch both applications stealthily installing themselves in the background of your user session and code attempting to hijack your computer through a website. Increasingly, security software also detects and protects against phishing sites, which pose as authentic versions of financial websites in a bid to capture information like login names and passwords.


Data theft
When entire computers such as mobile workers’ laptops can so easily be stolen, protecting portable devices that contain personal and business information is critical. Once a device is stolen, most entry-level password protection can be easily bypassed by a determined digital thief. Thus, for a business with a significant mobile workforce, hard drive encryption solutions are an excellent idea. Products such as BitLocker Drive Encryption can lock down a hard drive’s contents, encrypting all the files and preventing unauthorised access. After a computer and its hard drive are decommissioned, it’s important to wipe the contents entirely clean – there’s no telling whose hands they may end up in. Triple-overwrite methods and other consumer-level tools may not entirely destroy a drive’s contents, which can be recovered in a lab environment. Procedures such as this are described as forensic recovery.


Social engineering
Mastered by the infamous hacker Kevin Mitnick, social engineering refers to methods used by hackers and criminals to gain the information they need. Initiating a phone call or email to an employee at the organisation they are trying to hack, the successful social engineer poses as a bona fide correspondent whom employees are likely to trust, displaying clear subject-matter knowledge and referring to other known employees to lend weight to their story. With a persuasive pitch, the miscreant can gain passwords, details of internal systems, names of key people and sensitive inside information. A successful application of this approach can gain the hacker far more valuable information than a random dumpster dive or port scan ever will. Unfortunately, the only effective tool against social engineering is to educate your staff about its existence and implications – people naturally want to help other people, and social engineers take advantage of this tendency.

TOP 5
Security myths

1. “You can’t receive an infection just by visiting a web site.”
UNTRUE Web sites today are a minefield of malicious code, in the form of JavaScript, Java, ActiveX and Macromedia Flash exploits. When you see the note “click here to activate this control” in a piece of interactive content, be wary.

2. “PowerPoint files are safe.”
UNTRUE PowerPoint files are just as able as any other Office file to contain malicious macro code or trojans that will launch malicious elements.

3. “Unplugging my computer from the wall protects me.”
UNTRUE If your computer has already been compromised, it could become as vulnerable as a four-lane highway to the raw Internet. Unplugging it temporarily prevents active traffic from occurring, but it will resume the moment you plug it in again, unless the computer is properly disinfected. Unplugging is no substitute for up-to-date security software, updates and knowledge of threats.

4. “Funny ‘joke’ files from my friends won’t be infected.”
UNTRUE People may not scan files that come from a trusted source, but this kind of thinking could be the reason that none of your contacts previously scanned that file, either. Be especially wary of programs with the extensions .VBS, .COM, .BAT and .EXE.

5. “My network is so small, no one would bother hacking it.”
UNTRUE “Security by obscurity” is a problematic attitude that can lead to poorly secured systems becoming host “zombie” computers for massive spam mailouts or generators of denial-of-service attacks. No matter how small, any computer system can be attractive for hackers as a system for sending traffic or storing contraband data.
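
An added example, not part of the original article, showing how a mail filter could act on myths 2 and 4: it flags attachments whose final extension is one of those listed above (even when hidden behind a harmless-looking one) and Office Open XML files that carry macro code. The sample message, file names and function names are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions the article says to be especially wary of (myth 4).
RISKY_EXTENSIONS = {".vbs", ".com", ".bat", ".exe"}

def has_vba_macros(data: bytes) -> bool:
    """True if data is an Office Open XML file (a ZIP) containing a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(n.lower().endswith("vbaproject.bin") for n in archive.namelist())
    except zipfile.BadZipFile:
        return False  # not a ZIP container, so not a macro-enabled OOXML file

def scan_attachments(raw_message: bytes) -> dict:
    """Map each flagged attachment name to the reason it was flagged."""
    findings = {}
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # message body or container part, not an attachment
        # Only the final extension decides how Windows runs the file,
        # so "funny.jpg.exe" is a program, not a picture.
        extension = os.path.splitext(name.lower())[1]
        payload = part.get_payload(decode=True) or b""
        if extension in RISKY_EXTENSIONS:
            findings[name] = "executable or script extension"
        elif has_vba_macros(payload):
            findings[name] = "Office file with macro code"
    return findings

def build_sample_message() -> bytes:
    """Constructed sample: a joke 'picture', a slide deck and a text file."""
    deck = io.BytesIO()
    with zipfile.ZipFile(deck, "w") as archive:
        archive.writestr("ppt/presentation.xml", "<p/>")
        archive.writestr("ppt/vbaProject.bin", b"placeholder")  # stands in for macros
    message = EmailMessage()
    message["Subject"] = "Funny joke files"
    message.set_content("Have a look at these!")
    samples = [("funny.jpg.exe", b"MZ"), ("slides.pptm", deck.getvalue()),
               ("notes.txt", b"hello")]
    for name, data in samples:
        message.add_attachment(data, maintype="application",
                               subtype="octet-stream", filename=name)
    return message.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_attachments(build_sample_message()).items():
        print(f"{name}: {reason}")
```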

This article appeared in the May, 2007 issue of PC Authority.