Essential Internet Security Tips For Business 2. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
Distribution Rights To This Material:
ESET UK grants the reader the ability to freely distribute this material
according to the following conditions;
ï· You MAY email this material to 3rd parties
ï· You MAY re-purpose this material on other websites
ï· You MAY include this material as part of a greater, non-
commercial marketing package
ï· You MAY NOT sell this material without prior written
consent from ESET UK
ï· You MAY NOT edit, re-brand or in any way change this
material from its original form without prior written consent
from ESET UK
ESET UK
Sovereign House
242 Charminster Road
Bournemouth
BH8 9RP
Tel:( 44) 0845 838 0832
Web: www.eset.co.uk
Email: sales@eset.co.uk
Disclaimer:
ESET UK has endeavoured to ensure all material within this book is accurate
and correct at the time of publication. ESET UK acknowledges that the
materialâs accuracy and relevance may change at some stage in the future
and therefore strongly advises the reader to use this material as a guide only
and to cross-reference other material as a means of assessing its accuracy.
ESET UK is not responsible for the content of any external websites
referenced in this material. ESET UK reserves the right to amend, remove or
otherwise change any and all products and website materials present on the
http://www.eset.co.uk/website that this material references.
Copyright © 2013 ESET UK
ALL RIGHTS RESERVED.
3. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
Chapter 1
Mac vs PC - Debunking The MythâŠThe Real
Truth Laid Bare
In 2007 comedy duo David Mitchell and Robert Webb were
employed by Apple to advertise1 their Mac computer...
âLast year there were 114,000 known viruses for PCs,â said Mitchell,
playing a sneezing PC. âPCs, not Macs,â replied the Mac, otherwise
known as Webb.
The advert does not outright claim that Macs arenât affected by
viruses, but it does suggest that viruses arenât something Mac users
need to worry about.
Is it still true in 2013 that Macs arenât affected by viruses, or could
the idea that Mac users do not need antivirus software lead to big
problems for the millions of Mac users worldwide?
Windows is still easier to hack:
Even today, many security experts believe2 that it is easier to hack
into the Windows operating system than Macâs OS X.
As a result there are many more viruses that affect PCs - but this
certainly doesnât mean that Macs arenât at risk.
While PC owners are much more likely to protect themselves with
antivirus software, most Mac users donât accept or know about the
dangers they may face.
The numbers game:
Itâs thought that the global market share for Windows is above 90%.
For this reason, hackers coming up with viruses often build them
specifically for PCs, as a greater number of computers have a
chance of being affected. For this same reason, news of viruses
affecting PCs is much more likely to be reported, adding to the
impression that Macs are unthreatened by viruses.
4. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
However, as more people are beginning to use Macs, the security
threat is becoming more real - especially when you consider that the
Mac market share in wealthy western countries is as much as 20%.
Inevitably, more and more criminals will be tempted to make viruses
targeting Macs specifically.
Even Apple is facing the truth:
While in 2007 Apple was happy to very publicly declare itself
unaffected by PC viruses, that all changed in 2012.
Previously the American computer giant had said that a Mac âdoesnât
get PC virusesâ.
However, once it was established that a virus had affected 600,000
Macs3, Apple could no longer insist its computers were virus-proof,
and instead began to say4 that Macs were simply âbuilt to be safeâ.
Antivirus software the only surefire solution:
When it comes to viruses, there seems to be 3 main types of Mac
users...
The first doesnât believe that their Mac is under risk.
The second believes that Macs may be more at risk in the future, but
for now they will be ok.
Perhaps this is understandable - after all, for years the large majority
of Mac users have been blissfully unaware of the viruses that blight
PCs, and are happy to believe that for the time-being that situation is
set to continue.
The third type of Mac user understands that a serious virus could
potentially affect their Mac, whether tomorrow or in several months
and has invested in antivirus software to ensure that when such a
virus is unleashed, theyâll minimise their chance of being affected.
The last type of user is one who will stay safe from viruses in the
future.
Which type of user are you?
5. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
References:
1 - http://www.youtube.com/watch?v=iY1iSocnPw0
2 - http://www.pcadvisor.co.uk/features/security/3418367/do-apple-macs-
need-antivirus-os-x-security-explained/
3 - http://www.examiner.com/article/not-invulnerable-flashback-trojan-said-to-
hijack-600-000-macs
4 - http://www.examiner.com/article/apple-quietly-admits-os-x-no-longer-virus-
free
6. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
Chapter 2
Android Operating System On Your Mobile
Device âŠEssential Security Information You
Need To Know!
One of the most innovative, customisation-friendly and democratic
platforms available, Android, is in many respects an app-loverâs
dream.
With an open platform that allows for adaptation and the sale of an
enormous range of exciting apps at lightning speed, the Android
world moves quickly.
There is, however, a downsideâŠ
This âfree loveâ approach can leave Android users vulnerable1 to
hackers and malicious software, particularly if their Operating
System (OS) is in any way out of date.
Indeed, dubbed by some experts2 the ânatural choiceâ for online
attacks, Androidâs brave new open world requires stringent security
measures in order to keep usersâ data safe.
In this article, we examine 3 Android OS-related security problems
and what can be done about them.
1. Many Android Operating Systems Are Out Of Date
Unless you purchased your Android tablet or phone recently, the
chances are that your device is working through an outdated OS,
leaving you vulnerable to severe security threats.
Googleâs most recent data3 shows more than a third of Android
customers are still using âGingerbreadâ or versions 2.3.3 to 2.3.7
(released two years previously). Gingerbread carries a number of
security weaknesses which were rectified in more recent versions.
While around one third of Android users are now on the more
secure, up-to-date operating system known as âJelly Beanâ, most
Android customers have not yet been able to upgrade because the
OS is still under tight control by the carriers4.
7. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
2. Android Users Canât Initiate OS Updates
Themselves
âOne of the most important things in software security today is the
ability to remotely update,â said Collin Mulliner4, a researcher with
the Systems Security Lab at North-eastern University in Boston, at a
special panel discussion at the RSA security conference earlier this
year.
Unfortunately, while iPhone or iPad users can initiate the operating
system update themselves, with Android the updating process is
under the control of mobile carriers. At this time, efforts to push out
user updates have been reported4 to be extremely disappointing
Any update delays can leave users vulnerable to malicious software
and attacks.
3. Androidâs Open Platform Enables Device
Manufacturers And Carriers To Adjust The
Operating System
And they often do; for example, for the purposes of setting desired
configuration settings or offering extra software bundles.
Whenever a new Android operating system update is released, the
carriers and the vendor need to test these adjustments against their
own âhome-brewâ systems before they can release the latest
version4.
Some devices never get the latest version because they are older
models or are being phased out. Google releases an update roughly
every 6 months, but some devices have been known not to receive a
single update for well over a year, if at all4.
With all these potential issues, itâs perhaps little wonder than some IT
experts have dubbed Android the âIT communityâs latest problem
childâ5.
In fact recent research by French security experts Pradeo6 showed
Android app threats to outnumber those by IOS apps by a rate of
21:1. At the same time, itâs well acknowledged7 that Android offers
users fantastic customisation options and an enormous range of
8. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
fantastic apps that make life just that little bit easier and more
enjoyable.
To help make your Android and mobile device more secure, there
are a number of leading mobile antivirus solutions worth
investigating, that are fairly priced and easy to use.
References:
1 - http://www.cio.com/article/675084/8_Essential_Android_Security_Apps
2 - http://www.itworld.com/open-source/350033/android-it-communitys-latest-
problem-child
3 - http://developer.android.com/about/dashboards/index.html
4 - http://securitywatch.pcmag.com/android/308966-android-s-biggest-
security-threat-os-fragmentation
5 - http://www.itworld.com/open-source/350033/android-it-communitys-latest-
problem-child
6 - http://www.gomonews.com/android-apps-are-more-risky-than-ios-by-211-
says-pradeo/
7 - http://techland.time.com/2013/04/25/new-android-phone-check-out-these-
14-essential-hints-and-tips/
9. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
Chapter 3
Bring Your Own Device (BYOD) & SecurityâŠ6
Simple Steps To Help Ensure Your BYOD Safety
Over the past few years, the functions and range of use of mobile
technology has exploded with smartphones and tablets. At the same
time, flexible working patterns, Social Media marketing and remote
working has continued to blur the line between work and home
somewhat. As such, the practice of BYOD (Bring Your Own Device)
into work has flourished.
BYOD: Help Or Hazard?
Proponents of BYOD say itâs a great way to boost morale among
team members and cut costs.
Letting staff work on the device they love and are used to operating
can benefit the company balance sheet, so it must be good for
business, right?
Well, it depends...
Critics of BYOD point out that these practices can be dangerous to
company data security, leaving precious information vulnerable to
loss, theft, or misuse and hence place corporate reputation and
profits at risk.
So whatâs the solution?
Ultimately, itâs up to the individual business to decide what is best for
their company practice according to its own means, security policies
and so on.
But one thing is certain: if you want to try BYOD, you must take
certain measures.
Because failing to do so can potentially leave your company
vulnerable to Internet attacks, data loss and even legal
repercussions â especially if your firm handles sensitive data.
10. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
Indeed, one study1 found that in situations where devices were
intentionally lost and data was compromised leading to financial
losses, the average cost to a company was $250,000.
So how can you ensure security for BYOD?
It begins with a few clear steps:
1. Determine The Terms Of Your BYOD Policy
Ask yourself questions like:
âą Who owns this device?
âą Who is ultimately responsible (and liable) for its data security?
âą What rules can we determine in writing that can help to ensure the
safety of our data?
You need to be sure that you not only have security policies, but that
you have the ability to enforce those security policies for individual
devices and that you can safeguard your intellectual property in the
event of a device being stolen or lost.
2. Ensure Super-Strong Passcodes For Every
Device
When it comes to BYOD security, the best starting point is to employ
the same security requirements that you employ for your own
network devices â strong passcodes are obviously a key part of that.
A robust passcode makes it extremely difficult for an individual to
breach security and compromise data.
3. Conduct Full-Disk Encryption For Disk, Cloud
Storage And Removable Media
If the device-point passcode is somehow compromised, ensuring
that the data stored on the device is encrypted offers a second layer
of security that a hacker would need to breach in order to be able to
steal the data.
11. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
4. Purchase Premium Mobile Device Management
(MDM) Software
Effective MDM software enables you to remotely manage, secure
and monitor company information on mobile devices. It can be a
lifeline for businesses incorporating BYOD.
For example, MDM software enables you to wipe sensitive
information in the case of a device being lost or stolen.
5. Application Control
Ask yourself if you have the authority to ban the use of certain
applications on BYOD?
For example, IBM recently banned2 some speech-to-text
applications on employee devices.
Should you and would you be able to do the same?
6. Purchase Antivirus And Firewall Protection As
Well As Data Loss Prevention (DLP) Software For
Use Across All Devices
The best antivirus and firewall software products for use across
BYOD can protect you from
hacking attempts. But what is Data Loss Prevention (DLP) software
and how can it protect you from potential data leaks within your own
ranks?
Data Loss Prevention software is there to ensure that end users
cannot transfer critical or sensitive data beyond your business
network. It can help your administrators monitor and control what
information your employees send - this is essential.
Allowing your employees to access company data through their own
devices presents particular risks and unfortunately, not all antivirus
and data loss prevention software products can offer the same level
of protection from threats.
12. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
References:
1 - http://smallbiztrends.com/2013/06/byod-trend-productivity-security.html
2 - http://www.sophos.com/en-us/security-news-trends/security-trends/byod-
risks-rewards/what-byod-means-for-security.aspx
13. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
Chapter 4
SME/SMB PC & Mobile Device Best
PracticesâŠ5 Essential Tips Your Business Will
Immediately Benefit From
Streamlining your means of communication and data management is
crucial, whatever the size of your business.
Over the last 10 years or so, one of the most notable shifts in the
business world has been the increasing demand for the easy access
of corporate applications and data on mobile devices.
Individual productivity and collaboration tools like email, contact
management, calendars and general web access have spearheaded
the trend in companies âgoing mobileâ. Now businesses increasingly
want to make as many processes as possible personal PC-based
and âmobileâ, in order to facilitate productivity and flexibility for
customers.
Research shows this is true not just for larger businesses - in fact a
2010 study1 showed that 84% of medium-sized enterprises (from
100 to 1000 employees) use wireless and mobile devices for
essential business functions.
Most small and medium-sized businesses donât have a large IT
support team to manage their PC and mobile systems and therefore,
they will often look for effective, ready-to-use systems. However, the
effective selection and management of any systems can still be tricky
and requires a number of considerations.
Here are 5, essential tips for SME/SMB PC and mobile device use:
1. Consider Your Communications And Data
Strategy
While some smaller businesses do have clear PC and mobile device
strategies in place, many seem to adopt new systems as a response
to industry trends as much as anything else.
14. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
In fact, as business IT experts1 advise, the adoption of any new
systems should be preceded by a clear weighing of the costs and
benefits, as well as the specific end-goals.
A key question when considering new systems and applications
should be: how will they streamline workflows, bring down costs or
enhance our customer service?
2. Determine Who Should Access Which Data And
When
As any wise business owner knows, their IT systems should not
simply be an open book for all to see.
Determining which information and systems are necessarily and
appropriately managed by which employees is essential. Once this is
decided, you can then take steps to protect privileged systems and
information, for example with password and device configuration.
3. Provide The Right Employee Training And
Safeguards
Poor employee knowledge can be a big threat to your business and
itâs been found that employee disregard for data safety is one of the
biggest concerns1 of business owners.
An uninformed staff member could unintentionally lose or share data,
not only costing your company untold resources and potentially
damaging your reputation. Itâs, therefore, imperative that you provide
the right systems training for your employees.
4. Protect Your Customer Data
Protecting the privacy of customers isnât just a problem for global
giants such as Google and Facebook to worry about. Whatever the
size of your business, the consequences for bad data protection can
be severe, from negative publicity to legal action.
Can you be sure you know where all your customer information is
stored?
Evaluate your companyâs data encryption practices, because these
need to be reviewed regularly. As a result of not doing that, some
15. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
companies are now unknowingly using encryption technology
incorrectly.
Many leading experts now advise whole-disk encryption as opposed
to encryption at file-level â especially for employees who manage
customer data on mobile devices or PCs. Data encryption standards
can change at a rapid rate and businesses that encrypt data
according to standards of a few years ago, may be easily breached
today.
5. Choose Top-Tier Antivirus And Firewall
Protection
If you run a small business of less than 100 employees, an effective
internet security strategy is a must; and small business antivirus
software is an imperative component.
This is one step ahead of individual-user security for each PC,
offering extra benefits such as the capacity to install and run all PC
installations from a central location.
References:
1. http://www.smb-gr.com/wp-
content/uploads/2012/pdfs/SAP_Business_All_in_One_paper3.pdf
16. Copyright © 2013 ESET UK ALL RIGHTS RESERVED
www.eset.co.uk
Additional Resources
Please click on the links below for more helpful tools and information;
Free online scanner
Glossary of computer threat terms
ESET Threat Centre