Simple steps to keep your PCs shut to online criminals

Written by Bobby Mon | Updated: Feb 13 2012, 06:23am hrs
With growing security attacks on technology globally, it is becoming increasingly difficult and complex for small and medium businesses (SMBs) to assemble the right in-house resources to protect themselves against the cyber threats they face, whether its a data breach through the network, data leakage by employees, or lost laptops/mobile devices. We have also seen an uptick in the number of court cases, where SMBs have had six figure amounts stolen out of their bank account by cyber thieves. The liability for these breaches is being shifted to the CIOs and IT managers. The need for comprehensive information security is more pressing now than ever before.

According to the Norton Cybercrime Report 2011, the cost of global cybercrime is $114 billion annually. Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost. In India it is estimated that more than 29.9 million people fell victim to cybercrime last year, suffering $4 billion in direct financial losses and an additional $3.6 billion in time spent resolving the crime. With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).

For a growing business, a single financial attack could put a smaller company out of business or irrevocably cut into annual profits for a medium sized business. The implications of a financial breach can be a matter of life or death for SMBs.

Ensuring that organisations not only have the right network security solutions in place but have implemented comprehensive endpoint security is important to defending against the current and emerging cyber threats. This is especially relevant as we have seen hackers move from attacking the network to attacking the PC. Organisations should reevaluate their current security precautions on a regular basis and make sure these measures are communicated companywide. Here are some simple steps to help protect financial data and minimise risk:

Isolate machine for important tasks. Use a dedicated computer for financial matters such as online banking and bill pay. That computer should not be used for extraneous activities such as sending and receiving emails or surfing the Web. Web exploits and malicious email are two key infection vectors for malware.

Dont trust easily. Avoid clicking on links or attachments within emails from untrusted sources. Even if you recognise the sender, if an attachment is unexpected or looks suspicious, you should confirm that the sender has sent the specific email before clicking on any links or attachments.

Reconcile your banking statements on a regular basis with online banking and/or credit card activity to immediately identify abnormal transactions that may indicate account takeover.

Keep it professional. Advise your employees against visiting small, hosted websites that feature community forums for hobbies involving sports, computer games etc. These small community forums are often hosted by internet service providers (ISPs) which are not diligent about securing their hosted websites.

Look before you click. If you are visiting a website and are not sure if it has been secured from viruses, observe the quality of the site. Watch out if the website appears to be quickly put together and is not sophisticated or has a disclaimer that warns browse at your own risk and indicates the authors are not liable for any information you might see on the site.

Do your homework before selecting an anti-virus vendor, ensuring that they not only provide coverage for the key threats but also respond quickly with protections when new ones are introduced. Invest in an anti-virus product instead of using trial versions as your source of protection. Trial versions of anti-virus products are good for testing products but they do not receive updates, so any new virus that is introduced after the trial version was released will have total access to your PC.

Make sure you have your security protections in place throughout the organisation and install regular updates for your applications and for your computers operating system.

Be cautious about installing software (especially software that is too good to be trueexample, download accelerators, spyware removal tools etc), and be cautious of pop-ups from websites asking users to download/execute/or run otherwise privileged operations. Often this free software and these pop-ups have malware embedded.

The bottom line: Its much more expensive to deal with the consequences of a financial breach than it is to prevent one. Dont wait until the last minute to find out just how essential it is and start putting your security precautions into place before its too late.

The writer is headenterprise business, SMB, Dell India