Frontier Secure: Handout for small business leaders on "How to be Secure"

  • 998 views
Uploaded on

This handout was provided as part of our ongoing monthly webinar series on various issues affecting small businesses. This document is a summary of data and Internet security challenges and …

This handout was provided as part of our ongoing monthly webinar series on various issues affecting small businesses. This document is a summary of data and Internet security challenges and definitions that can affect small businesses. Please contact us at Frontier.com/Security with any questions.

More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
998
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. “Protecting Digital Lives”Security Webinar for Small Business http://www.frontier.com/secure
  • 2. Intro• Each cyber attack costs small and medium sized businesses an average of nearly $200,000 per incident• 80 percent of small businesses that experience a data breach go bankrupt or suffer severe financial losses• Our webinar is here to educate you and provide some helpful hints on how to protect your business from internet security issues 2
  • 3. Firewalls• Symantec recorded nearly 60 million attempts by hackers to gain unauthorized entry into business and home computers in a single 24-hour period• The first way to prevent this is to have a firewall • A firewall acts as a barriers between one network and another. It prevents unauthorized inbound and outbound traffic. On a small business network, a firewall will separate the local private network from the Internet. A firewall will inspect the information trying to come through and will determine if it is legitimate. A firewall can hide your personal network protecting it from unknown intruders.• Make sure to protect other servers that are connected to your network for special functions, such as sharing a printer, store files, or deliver Web pages. If it is connected to the Internet, it is a risk and needs a server. 3
  • 4. Common Security Threats SpamSpam, or unsolicited commercial e-mailmessages, wastes bandwidth and time. Thesheer volume of it can be overwhelming,and it can be a vehicle for viruses. Much ofit is of an explicit sexual nature, which insome cases can create an uncomfortablework environment and, potentially, legalliabilities if companies do not take steps tostop it 4
  • 5. Common Security Threats SpoofingIP Spoofing - creating packets that look as thoughthey have come from a different IP address. Thistechnique is used primarily in one-way attacks (such asdenial of service attacks). If packets appear to comefrom a computer on the local network, it is possible forthem to pass through firewall security. IP spoofingattacks are difficult to detect and require the skill andmeans to monitor and analyze data packetsE-mail Spoofing - forging an e-mail message so thatthe From address does not indicate the true address ofthe sender. They may ask you to log in and update yourinfo or submit your billing information 5
  • 6. Common Security Threats PhishingPhishing is becoming more and more prominentfor hackers and organized crime. Typically, anattacker sends an e-mail message that looks verymuch like it comes from an official source (suchas a bank or a website you shop at)Links in the message take you to a fake websitethat also looks like a real page. The goal of the http://www.antiphishing.org/images/h2_2011_phishing_reports_chart.jpgscam is to trick you into giving away personalinformation so that the hackers can steal youraccount information or even your identityThe victims of these scams are the users who maygive up personal and confidential information, butalso the spoofed business’ brand and reputationthat were used to gain the customer’s trust 6
  • 7. Common Security Threats VirusesViruses are programs designed toreplicate themselves andpotentially cause harmful actionsand infect other programs on yourcomputerThey are often hidden insideharmless programs. Viruses in e-mail messages often masqueradeas games or pictures and usebeguiling subjects to encourageusers to open and run them 7
  • 8. Common Security Threats WormsWorms also replicate themselves, but they areoften able to do so by sending out e-mailmessages themselves rather than simplyinfecting programs on a single computer.They can break into computers withouthuman assistance or knowledge Trojan HorsesTrojan horses are malicious programs thatpretend to be benign applications. They don’treplicate like viruses and worms but can stillcause considerable harm. Often, viruses orworms are smuggled inside a Trojan horse 8
  • 9. Common Security Threats SpywareSpyware refers to small, hiddenprograms that run on your computerand are used for everything fromtracking your online activities toallowing intruders to monitor andaccess your computer.You can become the target ofspyware if you download music fromfile-sharing programs such aslimewire, free games and moviesfrom sites you don’t trust, or othersoftware from unknown sources. 9
  • 10. Common Security Threats TamperingTampering consists of altering thecontents of packets as they travel overthe Internet or altering data on computerdisks after a network has beenpenetrated. For example, an attacker maytry to change the data in your files as itleaves your network RepudiationRepudiation refers to a user’s ability tofalsely deny having performed an actionthat other parties cannot disprove. Forexample, a user who deleted a file cansuccessfully deny doing so if nomechanism (such as audit records) canprove otherwise 10
  • 11. Common Security Threats Information Disclosure Denial of ServiceInformation disclosure consists of DoS attacks are computerizedthe exposure of information to assaults launched by an attacker inindividuals who normally would not an attempt to overload or halt ahave access to it network service, such as a WebFor example, a user on your network server or a file servermight make certain files accessible For example, an attack may cause aover the network that should not be server to become so busy attemptingshared. Employees also tend to to respond that it ignores legitimateshare important information, such requests for connections as passwords, with people whoshould not have them 11
  • 12. Common Security Threats Elevation of Privilege Pirated SoftwareElevation of privilege is a process by In the United States, an 19% (http://which a user misleads a system into portal.bsa.org/globalpiracy2011/) ofgranting unauthorized rights, usually software is counterfeit. While the lowfor the purpose of compromising or prices of counterfeit software can bedestroying the system attractive, such software comes with a potentially much higher price:For example, an attacker might log Counterfeit software can contain bugson to a network by using a guest and viruses and is illegalaccount, then exploit a weakness inthe software that lets the attackerchange the guest privileges toadministrative privileges 12
  • 13. Conclusion• Most attackers use the processing power of computers as their weapon• They might use a virus to spread a DoS program to thousands of computers. They might use a password-guessing program to try every word in the dictionary as a password – Of course, the first passwords they check are “password,” “letmein,” “opensesame,” and a password that is the same as the username.• Attackers have programs that randomly probe every IP address on the Internet looking for unprotected systems and, when they find one, have port scanners to see whether any ports are open for attack – If these attackers find an open port, they have a library of known vulnerabilities they can use to try to gain access. For more deliberate attacks, such as industrial espionage, a combination of technology and social engineering is most effective. • (Ex. Inducing members of your staff to reveal confidential information, rifling through trash in search of revealing information, or simply looking for passwords written on notes by monitors) 13
  • 14. Tips to Protect Your Small Business from Cyber-Attacks• Never click on Hyperlinks within emails, instead, copy and paste them into your browser• Use SPAM Filter Software• Use Anti-Virus Software• Use a Personal Firewall• Keep Software Updated (operating systems and web browsers)• Always look for "https://" and padlock on web sites that require personal information• Keep your computer clean from Spyware• Educate Yourself of fraudulent activity on the Internet• Check & monitor your credit reporthttp://www.fraudwatchinternational.com/phishing/individual_alert.php?fa_no=240305&mode=alert 14
  • 15. Social Media Security Tips for Small Businesses• There are long-term marketing benefits of social media, but there are also security issues that come with it. Here are some tips for your small business below.• #1 Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.• #2 Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like a tiny URL decoder.• #3 Limit social networks. Through secondary research about social media security, 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating have been found. Some are more or less appropriate and others even less secure. 15
  • 16. Social Media Security Tips for Small Businesses• #4 Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed with social media security risks.• #5 Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure your business network is up to date.• #6 Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.• #7 Companies who eliminate access to social media open themselves up to other business security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosureshttp://www.infosecisland.com/blogview/20943-Social-Media-Security-Tips-for-Small-Business.html 16
  • 17. Frontier Secure Tips• Passwords: Don’t choose a common password such as “123456.” Make your password personal, such as the name of your favorite sports team plus your favorite number, or your favorite teacher• Information: Share as little personal information as possible. That might be difficult since you do just that on Facebook or Twitter, but do not include any financial information, your birthday, address, e-mail address, phone number, etc• Limit: The more social networks you join, the greater your chances of being hacked. Limit your social networking sites to two or three at most. Stick to popular networks such as Twitter and Facebook because they are more credible and have stricter safety standards• Security: Make sure your computer has the latest security software so it’s protected against attack from social media hackers, viruses, spyware and other Internet threats 17
  • 18. Frontier Secure Tips• Safety: Update the privacy settings on your social networking pages. Limit the friends and followers who see your content. For example, on Facebook you can control where your posts go by customizing the “Settings” icon of your profile page. On Twitter, you can request notification when someone new is following you• Know your source: Never click on a link from someone you don’t know. Remember that even your friends can have a computer virus that blasts to all their contacts without their knowledge• Look out for “Deals”: Many of us take advantage of various discount opportunities, but even these links may have viruses. Be sure you’re opening a safe link even if the business is credible• Search term mix ups: A harmless Internet search can bring up websites laced with viruses. Be extra careful about what you type in a search engine  18
  • 19. Frontier Secure  19
  • 20. Frontier Secure  20
  • 21. Sources• Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures http://www.infosecisland.com/blogview/20943-Social-Media-Security-Tips-for-Small- Business.html• http://www.fraudwatchinternational.com/phishing/individual_alert.php?fa_no=240305&mode=alert• http://portal.bsa.org/globalpiracy2011/• http://www.smallbusinesscomputing.com/webmaster/article.php/10732_3908811_2/15-Data-Security-Tips-to-Protect- Your-Small-Business.htm• http://www.smallbusinesscomputing.com/biztools/article.php/10730_3930231_2/10-Top-Small-Business-Security- Tools.htm F-Secure rated #2 overall best security product from independent testing by AV-Test (full article) 21