
Securing Your Small Business Network

Published in: Business, News & Politics

  1. Securing Your Small Business Network
  2. Agenda
     1. Introduction
     2. Types of Online Risks
     3. Small Business Network Vulnerabilities
     4. Calculating the Impact
     5. Recommended Security Practices
     6. Overview of Symantec Solutions
  3. The Internet Has Changed Business Forever
     - Turn back the clock 10 years…
       - Did you have an email address? Web access? A Web site?
     - The Internet has redefined business dynamics
       - 48% of small businesses in the U.S. have Web sites
       - 163 million Americans have an email address
       - 185 million Americans use the Internet
     - The good news is that you can:
       - Gather information more quickly
       - Increase communications with your customers/vendors
       - Transact business more efficiently
     Sources: Pew Internet Survey 2004; Computer Industry Almanac, 2004; Kelsey Group, 2004
  4. The Bad News: Computer Security Risks
     - Did you realize that you open your business to potential risk whenever you…
       - Download something from the Web?
       - Open an email attachment?
       - Leave your computers connected to a broadband connection?
       - Insert removable media (CD-ROM, DVD-ROM, flash drive) into one of your business’s computers?
       - Access the Internet wirelessly?
       - Let a guest user onto your business network?
     The security of your business is up to YOU!
  5. The Impact of Poor Security
     - Over $11 billion in damages worldwide
       - In just a few months: between Feb. 2004 and May 2004
       - From just the MyDoom, Netsky, Bagle, and Sasser virus outbreaks
     Source: Computer Economics, Inc., June 2004
  6. The Impact of Poor Security
     - U.S. CSI/FBI Survey (among 269 respondents)*
       - Estimated total loss of $141 million due to virus outbreaks in 2003
         - 19% in small businesses with <100 employees
       - $524K average loss per respondent
       - Attack types and percent experiencing them
         - Virus outbreaks: 78%
         - Internal abuse of Web access: 59%
         - System penetration: 39%
     - An estimated 57 million Americans have received emails from “phishers” (Gartner, May 2004 survey)
       - Cost of phishing attacks to U.S. banks in 2003: $1.2 billion (Symantec)
     * Source: CSI/FBI Computer Crime and Security Survey, 2004
  7. What Are You Up Against? Types of Risks
     - Malicious Code
       - Worms, Viruses, Trojan Horses
     - Hackers
       - Information theft/Privacy Violations, Spyware, Phishing, Denial of Service, Application Vulnerabilities
     - Time Wasters
       - Adware, Spam Email, Popup Ads, Data Loss
  8. What Are You Up Against? Malicious Code
     - Virus
       - A malicious program that attacks PCs and Macs by infecting other files on the computer
     - Worm
       - A malicious program designed to spread itself to as many other computers as possible via the Internet, sometimes taking over the victim’s email address book
     - Trojan Horse
       - A malicious program that pretends to be a useful or friendly program, such as a screen saver, game or other type of utility
     The “Blaster” worm alone inflicted $1.3 billion in damage to U.S. businesses in 2003 (Source: SecurityFocus)
  9. What Are You Up Against? Hackers
     - Privacy Violations
       - Intrusions into your business’s computer systems for personal information belonging to you, your company or your customers, often credit card numbers
     - Spyware
       - Small applications that monitor your Web usage and report it to a marketing service
       - Keystroke loggers that capture data and steal passwords
     - Phishing
       - Fraudulent schemes in which a hacker pretends to be a legitimate company or authority to get you to reveal personal information willingly
     - Denial of Service
       - An attack that ties up a Web server so that your customers, vendors, and partners can’t access your site
     70% of businesses reported at least one security breach from external sources this year (Source: CSI/FBI Computer Crime and Security Survey, 2004)
  10. What Are You Up Against? Time Wasters
      - Adware
        - Software that displays banner ads even when the host computer is not connected to the Internet
      - Spam, Popup Ads
        - Spam email: unsolicited email, often sent under false pretences
        - Popup Ads: ads that open in a new browser window on top of the Web page you were viewing
      As much as 65% of all email traffic in 2004 is spam (Source: Symantec/Brightmail, 2004)
  11. Evolution of Virus/Worm Threats
      - We’ve reached an inflection point where the latest threats now spread orders of magnitude faster than our ability to respond with traditional technology
      [Chart: contagion period (months, days, hours, minutes, seconds) against time (1990 to 2005) for Program Viruses, Macro Viruses, E-mail Worms, Network Worms, and Flash Worms]
  12. Threat Sophistication
      - Code Red doubled its infection rate every 37 minutes.
      - Slammer doubled every 8.5 seconds, and infected 90% of unprotected servers in 10 minutes!
      - At its peak, 1 out of every 12 emails was infected with MyDoom!
      - Blaster razed networks just 27 days after the vulnerability was publicly disclosed!
  13. Understanding Your Vulnerabilities: Internet Gateway
  14. Understanding Your Vulnerabilities: File Server / Mail Server
  15. Understanding Your Vulnerabilities: Desktop
  16. Understanding Your Vulnerabilities: Remote Users
  17. Calculating the Impact on Your Business
      - How to calculate the cost of a virus infecting your network and damaging your information
        - List the number of employees in your business
        - Calculate an average hourly compensation per employee
        - Think about what files and work might need to be re-created after a loss: customer database, client reports, project files, schedules, contracts, etc.
        - Estimate the amount of time required to re-create lost databases, financial files, and other work per employee
        - Multiply the time required by the number of employees affected by the average hourly compensation
        - This is the cost of one virus damaging desktop files one time only. It doesn’t include the cost to have your software or hardware professionally repaired or replaced.
  18. Calculating the Impact on Your Business
      - Number of Employees: 12
      - Average Hourly Wage: $25.00/hour
      - Spam: 20 hours (Minutes Each Day / Person: 5; Hours Each Year / Person: 5 x 4 = 20)
      - Viruses: Annual Downtime / Person: 15 hours
      - Total Annual Hours / Person: 35 hours (20 + 15 = 35)
      - Annual Cost to Business / Worker: $875 (35 hours x $25/hr = $875)
      - Annual Cost to Business: $10,500 ($875/person x 12 = $10,500)
  19. Recommended Security Practices
      - Prevent infection with antivirus software
        - Install antivirus on all desktops, laptops, and servers
        - Check for virus definitions daily or set for automatic updates
      - Stop intruders with a firewall
        - Use a firewall on all desktops, laptops, and servers
      - Stay on top of security updates
        - Deploy security patches and fixes as soon as they are available
        - Use the latest operating system versions
      - Create strong passwords and change them frequently
        - Don’t allow Web browsers to remember passwords/private data
      - Open email responsibly
        - Scrutinize attachments before opening them; avoid ones with unusual extensions
        - Don’t open or reply to unsolicited mail
  20. Recommended Security Practices, cont.
      - Browse the Web with caution
        - Don’t ever give personal information to a Web site unless you see a small padlock or key icon in the browser’s toolbar
        - Don’t type confidential information in Instant Messaging/Chat programs
      - Back up regularly
        - Back up vital data daily and store critical backups offsite
      - Make remote connections secure
        - Require remote users to use antivirus and firewall software
        - Use a Virtual Private Network (VPN)
      - Lock down wireless networks
        - Install a firewall at the wireless access point
      - Ensure the physical security of your equipment
        - Never leave wireless devices unattended
        - Use the screen locking feature when you leave your computer
  21. Symantec Small Business Product Line
      [Chart labels: Desktop and Server Protection; Desktop Protection; Point Products; Suites/Integrated; Additional Tier]
  22. Who is Symantec?
      - Global leader in information security
        - #1 global leader in antivirus and antispam software*
      - Offers a broad range of software, appliances, and services for:
        - Home and home office
        - Small and mid-sized businesses
        - Large enterprises
      - Operating in over 35 countries worldwide
        - Insight from monitoring a sensor network of more than 20,000 corporate customers, and millions of personal PCs
      * Sources: IDC – Secure Content Management 2004-2008 Forecast Update and 2003 Vendor Shares, Aug 2004; Worldwide Antispam Solutions 2004-2008 Forecast and 2003 Vendor Shares, December 2004
  23. Thank You: Questions and Answers
