Online criminals are in the business of finding holes — holes in your software.
“Pieces of software will always have vulnerabilities, and there will always be criminals creating exploits for those vulnerabilities,” says F-Secure Senior Researcher Timo Hirvonen. “It’s become a whole business model for these criminals, because the security patches that companies release basically expose the vulnerabilities in software. The criminals reverse engineer the patches to find vulnerabilities, and then they target those vulnerabilities with exploits they develop.”
Given that they spend all day thinking about how to get into your network and you spend all all day trying to run your business, they may have the advantage. But there is a lot you can do to make your data and customers safer.
Our Security Advisor Sean Sullivan recently responded to questions we frequently hear from businesses trying to secure their IT infrastructure. He explained with what the most common vulnerabilities tend to be, the steps you can take to patch them and the biggest mistakes businesses make.
Mobile apps and cloud systems allow employees to access documents, systems, data and other work product from anywhere, but always-on access comes with always-threatening security risks. What are the most significant of those risks?
Always on and working from anywhere means more devices and a larger attack surface area. Even a diligent and tech-savvy person who is cautious about not opening a suspicious file can still be a victim of exploits, as these kits automatically take advantage of vulnerabilities in software that are commonly used by browsers and programs, such as Adobe Reader, Flash players, etc.
More than half of what F-Secure is blocking these days are exploits, and they’re among the biggest threats to SMBs because people frequently don’t update their software and this puts the business at greater risk.
A Java plug-in update, for example, that people often ignore thinking it’s not a mission-critical application for their day-to-day activities can be the chink in the armor that lets in a malicious attack. Some of the exploit kits we’re detecting are using exploits that have been detected and patched MONTHS ago, but the attackers are betting that many businesses haven’t updated their software, and their bets are paying off.
What are the most important steps small and medium-sized businesses should take to protect themselves against those risks?
The cybersecurity landscape is fluid so invest in sending your IT person to training seminars so he or she can learn more about protecting your users and network. Additionally, selecting a cloud-based security solution helps you and your employees not have to worry about updating plugins and applications.
What are some of the biggest mistakes SMBs make in this area?
They undervalue their data and content. Training documents for new hires, for example, aren’t mission critical to the business functioning, so it’s likely the business wouldn’t see it as valuable, but if they had to recreate all of those files from scratch, it would likely take a lot of time and resources, right? Thinking an attacker won’t go after certain items because it’s not important to them is the wrong mindset — they care about what’s important to you.
Backup files in multiple locations — online and physical hard drives. Use a VPN to encrypt your communication and encourage or provide VPN applications for your employees to use on their work and personal devices. Lastly, keep your systems updated. Using a cloud-based security software that takes care of all that helps saves you time and money and lets you focus on your business and the professionals handle security.
Our F-Secure Booster‘s premium version contains a software update feature that can you monitor their drivers and applications to keep them patched in protected. Our business products also feature Software Updater to keep software updated and safe from exploits.
[Image by elineart | Flickr]
This is a guest post from an F-Secure fellow. Hi, my name is Matti Aksela…
May 22, 2017
Last week’s WannaCry outbreak caused havoc in many parts of the world before subsiding thanks…
May 18, 2017