Noted computer security journalist Brian Krebs, who writes the Security Fix blog and also writes for the Washington Post, has recently chronicled in his blog the escalation of costly cyber security incidents encountered by small and medium businesses. This three-part article highlights these developments and suggests several practical and affordable defensive measures for small and medium businesses. To request a complete copy of the article, email us: info [at] calyptix [dot] com.
How to protect yourself. Protective measures include implementing sound financial management practices, educating staff and implementing sound IT practices and technologies.
• Reconcile your bank accounts daily. Pay special attention to all online banking and credit card activity, including checks generated from online bill pay systems. The victimized companies Krebs interviewed that were most successful in retrieving stolen funds were those that quickly spotted the fraudulent transfers by monitoring account activity. Some crooks, taking a page out of the VAR playbook for recurring revenue, have set up monthly automatic bill payments, paying themselves via check to some nondescript company at a PO Box to avoid detection by the casual observer.
• Ask your bank to set up a notification procedure (perhaps approval by phone) for any transfers or bill payments that fall outside of your normal online banking activity.
• For employees who need to access accounts online, consider setting them up with a separate, isolated computer. Noting that most attacks have been on Microsoft Windows systems, Krebs suggests using a Mac or Linux system (perhaps even a live CD distribution of Linux). We also invite you to contact us to learn how we can tailor our accessEnforcer to further lock down a dedicated banking terminal.
• Be wary of unusual experiences when accessing online banking systems including login difficulties or unusual experiences with the bank’s website (e.g. slowness, formatting, color, logos, quality, misspellings, etc.).
• Educate your staff and executives about the risks and best practices for passwords, unsolicited email, unknown website links, software updates and downloads. Make certain to highlight this issue for staff who access online bank accounts; however, once a single workstation anywhere on a network is infected, all others may be at serious risk.
• Keep all systems (workstations, servers, network equipment, etc.) promptly patched with all security updates to prevent attacks against security vulnerabilities.
• Implement a coordinated layered security strategy (aka “Defense in Depth”) across the network, including protection at the perimeter (e.g. internet gateway), servers and workstations.
• Implement a stringent perimeter defense that provides visibility into all traffic and utilizes proactive security techniques such as intrusion prevention, web filtering and other techniques to stop invisible network attacks, scans and exploits.
• Eliminate spam and other email from untrusted sources.
• Establish proper reporting and controls to prevent web surfing and software downloads from sites susceptible to malware (e.g. pornography, videos, pirated music and software, etc.).
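The daily reconciliation the first two bullets call for can be partly automated. The following is an added Python example, not code from Calyptix or from Krebs's reporting: it reads a small activity export, compares each transaction against a baseline of payees seen in prior statements, and flags new payees, amounts outside their usual range, large electronic transfers, and bill-pay checks to an unknown payee that repeat on the same day of the month (the self-pay-by-check pattern described above). The payee names, amounts, date range and the 5000 threshold are all constructed sample values, not figures from the article.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Txn:
    """One line from an online-banking activity export (constructed format)."""
    day: date
    kind: str        # "ach", "wire", "billpay_check" or "card"
    payee: str
    amount: float


# Constructed baseline: payees seen in previously reconciled statements and
# the (low, high) amount range observed for each.
KNOWN_PAYEES = {
    "Acme Office Supply": (120.0, 600.0),
    "Metro Power & Light": (800.0, 1200.0),
    "Payroll Processor Inc": (14000.0, 16000.0),
}

# Assumed threshold: an ACH or wire at or above this amount to a payee that
# is new or outside its usual range gets a second look.
LARGE_TRANSFER = 5000.0


def flag_transactions(txns, known=KNOWN_PAYEES, large=LARGE_TRANSFER):
    """Return {txn: [reasons]} for every transaction that deserves review."""
    alerts = defaultdict(list)
    by_payee = defaultdict(list)
    for t in txns:
        by_payee[t.payee].append(t)

    for t in txns:
        lo, hi = known.get(t.payee, (None, None))
        in_baseline = lo is not None
        in_range = in_baseline and lo <= t.amount <= hi
        if not in_baseline:
            alerts[t].append("payee not in baseline")
        elif not in_range:
            alerts[t].append(f"amount outside usual range {lo:.0f}-{hi:.0f}")
        if t.kind in ("ach", "wire") and t.amount >= large and not in_range:
            alerts[t].append("large electronic transfer")

    # Bill-pay checks to an unknown payee that land on the same day of the
    # month in more than one month look like a scheduled recurring payment.
    for payee, items in by_payee.items():
        if payee in known:
            continue
        checks = [t for t in items if t.kind == "billpay_check"]
        months_by_dom = defaultdict(set)
        for t in checks:
            months_by_dom[t.day.day].add((t.day.year, t.day.month))
        if any(len(months) > 1 for months in months_by_dom.values()):
            for t in checks:
                alerts[t].append("recurring bill-pay check to new payee")
    return dict(alerts)


# Constructed sample export covering two months of activity.
SAMPLE = [
    Txn(date(2009, 9, 1), "ach", "Payroll Processor Inc", 15200.0),
    Txn(date(2009, 9, 3), "card", "Acme Office Supply", 240.0),
    Txn(date(2009, 9, 15), "billpay_check", "JR Holdings LLC", 2450.0),
    Txn(date(2009, 9, 22), "wire", "Overseas Vendor Ltd", 9800.0),
    Txn(date(2009, 10, 1), "ach", "Payroll Processor Inc", 15300.0),
    Txn(date(2009, 10, 15), "billpay_check", "JR Holdings LLC", 2450.0),
    Txn(date(2009, 10, 20), "ach", "Metro Power & Light", 4100.0),
]


def summarize(txns=SAMPLE):
    """Print a review list and return the number of flagged transactions."""
    flagged = flag_transactions(txns)
    for t in sorted(flagged, key=lambda t: t.day):
        reasons = "; ".join(flagged[t])
        print(f"{t.day} {t.kind:14s} {t.payee:24s} {t.amount:10.2f}  <- {reasons}")
    return len(flagged)


if __name__ == "__main__":
    summarize()
```

Run against the sample, the two payroll runs and the office-supply purchase pass quietly, while the two checks to the unknown LLC, the large wire to a new vendor, and the out-of-range utility payment are listed for a human to confirm with the bank. The baseline is the important part: it should come from statements you have already reconciled by hand, and any payee you approve should be added to it so the list stays short enough to actually read every day.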
For additional information, go to www.calyptix.com where you may access a free whitepaper entitled Twelve Security Techniques for Small Businesses.