By IAN ROSS
Small businesses are fast becoming targets of Internet criminals intent on planting viruses in a never-ending hunt to steal valuable and sensitive financial information, says an Internet security expert.
Fighting this ever-evolving threat is a complex task that’s becoming more difficult as society grows more complacent, says Bernie Vierich, Ontera’s director of marketing and customer care.
Internet security is only mentioned in the headlines when a global computer virus strikes. But new viruses are popping up at a rate of two per day with more than three million reports of automated attacks worldwide.
Vierich says small business owners are sometimes lulled into a false sense of security that no one would bother to attack them. When last year’s Mydoom virus struck, only one in six large businesses worldwide were affected compared to one in three small businesses.
Because of that, Vierich says, Internet attackers have changed tactics to focus on more vulnerable small businesses.
Vierich will be spending December on the road hosting speaking engagements for business groups to raise
awareness on what the risks are and what can be done.
In his travels, he finds many small enterprises demonstrate a “laid back” approach to their Internet security.
“There is a tendency to feel a lot safer up here with respect to the Internet. The same way you wouldn’t do business in downtown Manhattan, it’s the same way you wouldn’t in downtown Sudbury. You can’t use the Internet in a Northern Ontario context, it has to be a worldwide context.”
Attacks can come from anywhere and networks can be infiltrated without users knowing they are contributing to the information gathering.
He says the average computer with a high-speed connection will get scanned at least 10 times on the first day by automated probes.
“As soon as you get on, people are looking to see if you’re vulnerable.”
Vierich says some badly burned companies have become so gun shy, they’ve unplugged their Internet connections entirely.
Small business has to make Internet security a priority and budget accordingly. Vierich says consider the cost to your company if you don’t.
According to a US Federal Bureau of Investigation study, more than 80 per cent of all businesses are attacked by viruses with the average cost of dealing with that infection at US $40,000. About 37 per cent of those businesses took more than seven days to recover.
“We’re talking about waking everybody up, before that happens.”
One threat, known as “phishing,” comes by way of fraudulent e-mails and pop-up windows on the Internet that ask for confirmation of your user name and password as a means of gathering sensitive information.
“Many people are taken into these scams which are run by criminals who are fraudulently trying to get your confidential information,” says Vierich.
Security industry statistics indicate there are 66 phishing attempts going on per second.
Threats can also come from within the workplace. A Gallup poll estimates the average employee spends 75 minutes per day, or six hours a week, surfing the Internet for non-work related activity. Vierich suggests if your company does not have an IT professional, consider hiring a consultant or moving toward managed security services via an Internet provider who can manage all security software updates.
“It’s not just protection, it’s keeping up to date that’s critical.”
The cost for this service can vary from a few hundred dollars per month, depending on the size of the business and level of security, to a few thousand. He advises some basic level of security should include firewall, anti-virus and anti-spam protection with some sort of web filtering product. He recommends intrusion, detection and prevention systems, which monitor the activity on a connection and can disable recognized attack patterns.
