Frontier Secure: Handout for small business leaders on "How to be Secure"

“Protecting Digital Lives” Security Webinar for Small Business http://www.frontier.com/secure

Upload: frontier-small-business

Post on 21-Jan-2015


Category:

Business



DESCRIPTION

This handout was provided as part of our ongoing monthly webinar series on various issues affecting small businesses. This document is a summary of data and Internet security challenges and definitions that can affect small businesses. Please contact us at Frontier.com/Security with any questions.

TRANSCRIPT

Page 1: Frontier Secure: Handout for small business leaders on "How to be Secure"

“Protecting Digital Lives” Security Webinar for Small Business

http://www.frontier.com/secure

Page 2

Intro

• Each cyber attack costs small and medium-sized businesses an average of nearly $200,000 per incident

• 80 percent of small businesses that experience a data breach go bankrupt or suffer severe financial losses

• Our webinar is here to educate you and provide some helpful hints on how to protect your business from internet security issues

Page 3

Firewalls

• Symantec recorded nearly 60 million attempts by hackers to gain unauthorized entry into business and home computers in a single 24-hour period

• The first way to prevent this is to have a firewall

• A firewall acts as a barrier between one network and another. It prevents unauthorized inbound and outbound traffic. On a small business network, a firewall will separate the local private network from the Internet. A firewall will inspect the information trying to come through and will determine if it is legitimate. A firewall can hide your personal network, protecting it from unknown intruders.

• Make sure to protect other servers that are connected to your network for special functions, such as sharing a printer, storing files, or delivering Web pages. If it is connected to the Internet, it is a risk and needs a server.

Page 4

Common Security Threats

Spam

Spam, or unsolicited commercial e-mail messages, wastes bandwidth and time. The sheer volume of it can be overwhelming, and it can be a vehicle for viruses. Much of it is of an explicit sexual nature, which in some cases can create an uncomfortable work environment and, potentially, legal liabilities if companies do not take steps to stop it

Page 5

Common Security Threats

Spoofing

IP Spoofing - creating packets that look as though they have come from a different IP address. This technique is used primarily in one-way attacks (such as denial of service attacks). If packets appear to come from a computer on the local network, it is possible for them to pass through firewall security. IP spoofing attacks are difficult to detect and require the skill and means to monitor and analyze data packets

E-mail Spoofing - forging an e-mail message so that the From address does not indicate the true address of the sender. Such messages may ask you to log in and update your info or submit your billing information

Page 6

Common Security Threats

Phishing

Phishing is an increasingly prominent tactic for hackers and organized crime. Typically, an attacker sends an e-mail message that looks very much like it comes from an official source (such as a bank or a website you shop at)

Links in the message take you to a fake website that also looks like a real page. The goal of the scam is to trick you into giving away personal information so that the hackers can steal your account information or even your identity

The victims of these scams are not only the users who may give up personal and confidential information, but also the spoofed business, whose brand and reputation were used to gain the customer’s trust

http://www.antiphishing.org/images/h2_2011_phishing_reports_chart.jpg

Page 7

Common Security Threats

Viruses

Viruses are programs designed to replicate themselves and potentially cause harmful actions and infect other programs on your computer

They are often hidden inside harmless programs. Viruses in e-mail messages often masquerade as games or pictures and use beguiling subjects to encourage users to open and run them

Page 8

Common Security Threats

Worms

Worms also replicate themselves, but they are often able to do so by sending out e-mail messages themselves rather than simply infecting programs on a single computer. They can break into computers without human assistance or knowledge

Trojan Horses

Trojan horses are malicious programs that pretend to be benign applications. They don’t replicate like viruses and worms but can still cause considerable harm. Often, viruses or worms are smuggled inside a Trojan horse

Page 9

Common Security Threats

Spyware

Spyware refers to small, hidden programs that run on your computer and are used for everything from tracking your online activities to allowing intruders to monitor and access your computer.

You can become the target of spyware if you download music from file-sharing programs such as LimeWire, free games and movies from sites you don’t trust, or other software from unknown sources.

Page 10

Common Security Threats

Tampering

Tampering consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after a network has been penetrated. For example, an attacker may try to change the data in your files as it leaves your network

Repudiation

Repudiation refers to a user’s ability to falsely deny having performed an action that other parties cannot disprove. For example, a user who deleted a file can successfully deny doing so if no mechanism (such as audit records) can prove otherwise

Page 11

Common Security Threats

Information Disclosure

Information disclosure consists of the exposure of information to individuals who normally would not have access to it. For example, a user on your network might make certain files accessible over the network that should not be shared. Employees also tend to share important information, such as passwords, with people who should not have them

Denial of Service

DoS attacks are computerized assaults launched by an attacker in an attempt to overload or halt a network service, such as a Web server or a file server. For example, an attack may cause a server to become so busy attempting to respond that it ignores legitimate requests for connections

Page 12

Common Security Threats

Elevation of Privilege

Elevation of privilege is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system

For example, an attacker might log on to a network by using a guest account, then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges

Pirated Software

In the United States, 19% (http://portal.bsa.org/globalpiracy2011/) of software is counterfeit. While the low prices of counterfeit software can be attractive, such software comes with a potentially much higher price: counterfeit software can contain bugs and viruses and is illegal

Page 13

Conclusion

• Most attackers use the processing power of computers as their weapon

• They might use a virus to spread a DoS program to thousands of computers. They might use a password-guessing program to try every word in the dictionary as a password

– Of course, the first passwords they check are “password,” “letmein,” “opensesame,” and a password that is the same as the username.

• Attackers have programs that randomly probe every IP address on the Internet looking for unprotected systems and, when they find one, have port scanners to see whether any ports are open for attack

– If these attackers find an open port, they have a library of known vulnerabilities they can use to try to gain access. For more deliberate attacks, such as industrial espionage, a combination of technology and social engineering is most effective.

• (Ex. Inducing members of your staff to reveal confidential information, rifling through trash in search of revealing information, or simply looking for passwords written on notes by monitors)
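Since the slide names the first guesses an attacker's program makes, a business can reject exactly those when a password is set. The following is an added example, not part of the original handout; it goes slightly beyond the slide by also folding case, trailing digits and common look-alike characters, and the function names, substitution table and sample word list are assumptions.

```python
# Added example: screen new passwords against the guesses the slide describes.
import re

FIRST_GUESSES = {"password", "letmein", "opensesame"}  # named on the slide
# Assumption: common look-alike substitutions (0->o, 1->i, 3->e, ...).
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lower-case, drop trailing digits/symbols, then undo look-alike characters."""
    trimmed = re.sub(r"[\d\W_]+$", "", text.lower())
    return trimmed.translate(LOOKALIKES)

def guessable_reason(username, password, dictionary=()):
    """Return why a guessing program would find this password early, or None."""
    core = normalize(password)
    if not core:
        return None  # no letters left to compare; other policy rules must cover this
    if core == normalize(username):
        return "same as the username"
    if core in FIRST_GUESSES:
        return "one of the first passwords attackers try"
    if core in {normalize(word) for word in dictionary}:
        return "a dictionary word"
    return None

# Constructed word list; a real deployment would load a large dictionary file.
SAMPLE_DICTIONARY = ["sunshine", "dragon", "frontier"]
```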

Page 14

Tips to Protect Your Small Business from Cyber-Attacks

• Never click on hyperlinks within emails; instead, copy and paste them into your browser

• Use SPAM Filter Software

• Use Anti-Virus Software

• Use a Personal Firewall

• Keep Software Updated (operating systems and web browsers)

• Always look for "https://" and the padlock on web sites that require personal information

• Keep your computer clean from Spyware

• Educate Yourself about fraudulent activity on the Internet

• Check & monitor your credit report

http://www.fraudwatchinternational.com/phishing/individual_alert.php?fa_no=240305&mode=alert

Page 15

Social Media Security Tips for Small Businesses

• There are long-term marketing benefits of social media, but there are also security issues that come with it. Here are some tips for your small business.

• #1 Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use and especially on what not to do.

• #2 Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like a tiny URL decoder.

• #3 Limit social networks. Through secondary research about social media security, 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating have been found. Some are more or less appropriate and others even less secure.

Page 16

Social Media Security Tips for Small Businesses

• #4 Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed with social media security risks.

• #5 Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure your business network is up to date.

• #6 Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

• #7 Companies who eliminate access to social media open themselves up to other business security issues. Employees who are bent on getting access often skirt security, making the network vulnerable.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News.

http://www.infosecisland.com/blogview/20943-Social-Media-Security-Tips-for-Small-Business.html

Page 17

Frontier Secure Tips

• Passwords: Don’t choose a common password such as “123456.” Make your password personal, such as the name of your favorite sports team plus your favorite number, or your favorite teacher

• Information: Share as little personal information as possible. That might be difficult since you do just that on Facebook or Twitter, but do not include any financial information, your birthday, address, e-mail address, phone number, etc

• Limit: The more social networks you join, the greater your chances of being hacked. Limit your social networking sites to two or three at most. Stick to popular networks such as Twitter and Facebook because they are more credible and have stricter safety standards

• Security: Make sure your computer has the latest security software so it’s protected against attack from social media hackers, viruses, spyware and other Internet threats

Page 18

Frontier Secure Tips

• Safety: Update the privacy settings on your social networking pages. Limit the friends and followers who see your content. For example, on Facebook you can control where your posts go by customizing the “Settings” icon of your profile page. On Twitter, you can request notification when someone new is following you

• Know your source: Never click on a link from someone you don’t know. Remember that even your friends can have a computer virus that blasts to all their contacts without their knowledge

• Look out for “Deals”: Many of us take advantage of various discount opportunities, but even these links may have viruses. Be sure you’re opening a safe link even if the business is credible

• Search term mix ups: A harmless Internet search can bring up websites laced with viruses. Be extra careful about what you type in a search engine

 

Page 19

Frontier Secure

Page 20

Frontier Secure

Page 21

Sources

• Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. http://www.infosecisland.com/blogview/20943-Social-Media-Security-Tips-for-Small-Business.html

• http://www.fraudwatchinternational.com/phishing/individual_alert.php?fa_no=240305&mode=alert

• http://portal.bsa.org/globalpiracy2011/

• http://www.smallbusinesscomputing.com/webmaster/article.php/10732_3908811_2/15-Data-Security-Tips-to-Protect-Your-Small-Business.htm

• http://www.smallbusinesscomputing.com/biztools/article.php/10730_3930231_2/10-Top-Small-Business-Security-Tools.htm

F-Secure rated #2 overall best security product from independent testing by AV-Test