Your business may be small, but you still need to think
about protecting your important data and assets. According to Symantec's latest
Internet
Security Threat Report, 31% of all deliberately targeted hacker attacks are
now aimed at SMBs, a 13% increase in just one year. Why? Simple: SMBs typically have less network
security than larger companies, and that makes them low-hanging fruit. Tech
startups, accounting firms, legal practices, and other thriving SMBs can be temptingly
juicy, both for their own resources and as a convenient springboard for a
larger attack. In fact, we have seen a
couple of small businesses be targets of payroll and banking attacks locally
over the past 3 months.
Typically, hackers leapfrog over standard network security with
social engineering. They gather data from social networking sites about a
specific victim within a company. Using that data, they craft email that looks
like it originates from a known and trusted source ("spear phishing")
or they spoof or infect a website the victim visits frequently
("waterholing"). When the victim opens the email or visits the site,
it launches sophisticated malware that gives the hackers more access to the
network so they can steal its data or use it to attack other targets.
In an era of socially engineered attacks, the best defense
is to assume you're a target. You don't have to give up social networking
sites. You do, however, need to start thinking about your employees themselves
as your first line of defense. Start by raising company-wide awareness about spear
phishing, waterholing, and other targeted attacks. After that:
-Develop comprehensive security policies and procedures.
-Review those policies and procedures with employees.
-Enforce them without exception. No one, even your top officers, should be exempt.
-Re-evaluate them regularly to ensure they're up to date.
-Develop comprehensive security policies and procedures.
-Review those policies and procedures with employees.
-Enforce them without exception. No one, even your top officers, should be exempt.
-Re-evaluate them regularly to ensure they're up to date.
Xantrion stays on top of security trends and follows
industry best practices for blocking known attacks and mitigating the damage
from any that get through. Let us help you evaluate your risks and develop
policies and practices to manage them — call us to get started right away!
