Protecting your business from cyber crime
Your Security Responsibilities
The biggest issues concerning SME owner/operators when it comes to security continue to be spam, phishing, and viruses. Local research by GfK shows that despite the deployment of virus protection, 29 percent of SMEs (equivalent to 70,570 businesses) suffered some downtime due to virus or malicious events during the past 12 months. Research also regularly shows that businesses with fewer than 250 employees receive almost twice as many spam messages as medium-sized companies and 30 percent more spam than large enterprise organisations.
In 2008, security has a direct impact on every critical part of a business including reputation, productivity and business continuity. So what steps should you take to avoid these pitfalls?
At a minimum, ensure you have an acceptable usage policy in place. Keep it up-to-date and educate your workforce on the changing landscape. Make sure they understand attacks are becoming much more socially engineered.
Small business owners wanting guidance on how to educate employees and establish an e-policy at work can download a free resource from MessageLabs at www.messagelabs.com.au/white_papers/epolicy_form
Top Tips for Internet Security
1. Be sceptical of all unsolicited email.
By far the most common type of phishing email being sent at the moment is worded in an urgent or overly dramatic way, prompting the recipient to take immediate action such as confirming online account details for a bank or other portals such as eBay or PayPal. It is important to keep in mind that no online bank or portal would ever solicit personal information in this manner. Also be wary of “spoofed” messages: even though the sending domain (e.g. mybank.com) may appear to be legitimate, unless the message is correctly digitally signed there is no guarantee that the message is not a fake.
2. Don’t be fooled.
In the past it was uncommon for phishing-type messages to be personalised; however, this situation is changing. Again, always be sceptical of an unsolicited message, even if it appears to be personally addressed to you.
3. Check the security of the website.
Be sure to confirm the integrity of the host site. Secure connections are denoted with an https:// at the beginning of the address bar rather than just http:// and the “padlock” icon should appear at the bottom right of your browser window. In addition, ensure you are running the most up-to-date version of your browser and that your security settings are active. If using Microsoft’s Internet Explorer you can check for updates via the following URL: http://www.microsoft.com/security/
4. Think twice before you click.
Avoid clicking on any links within an email that you think may not be authentic. Similarly, avoid completing any online forms requesting financial information unless you can be absolutely sure of the integrity of the host site.
5. Check your online accounts.
Check them as regularly as possible and, if you see any suspicious transactions, contact your bank immediately.
—Mark Sunner is chief security analyst for MessageLabs (www.messagelabs.com.au). He joined in 1999 as head of product development and innovation, and the services he and his team initially created went on to establish several groundbreaking milestones within the anti-virus and anti-spam arenas.