By Nestor E. Arellano
While network attacks are expected to rise in 2008, security experts say
small Canadian businesses can protect themselves by implementing seven
"Protection is not always an expensive proposition," said Marc Fossi,
manager of the Canadian security response team at Symantec Corp.
When it comes to network attacks, he said, small and mid-sized
businesses (SMBs) are favourite hacker targets, as they have lots of
confidential client information, but often lack adequate means to
protect these assets. "Attackers are opportunistic; they'll get at
anything that provides an opening."
North American companies lost an estimated US$30 million in 2007 due to
network attacks, according to Infonetics Research of Campbell, Calif.
The costs - associated with lost sales and labour due to downtime -
eroded as much as 2.2 per cent of the revenue of large enterprises, and
as much as half the annual revenue of some SMBs.
To avoid falling prey to such attacks, Canadian experts have the
1. Adopt a "defense-in-depth" approach
"No one system will adequately protect your organization from all the
attackers out there," says Robert Beggs, CEO of DigitalDefense Inc. a
Toronto-based provider of information security services.
He said defense-in-depth employs multiple defense systems, such as
firewalls, anti-virus software, anti-spyware software and security best
practices. "Each defense system might have its own set of
vulnerabilities, but if you have many systems in place you reduce the
chance of your defenses falling apart."
2. Always keep patch levels up-to-date
Operating systems and applications must always contain the latest
security patches, says Adam Cole, director of specialty technology for
McKesson Canada and national director for the Toronto chapter of the
Canadian Information Processing Society (CIPS).
"A lot of times attacks get through simply because companies fail to
download the latest patches," Cole said. Cole advices organization to
designate a person or team to manage patch updates.
3. Consider network compliance solutions for mobile users
Security issues in businesses rose last year because of employees using
mobile devices to access the company network, according to Computing
Technology Industry Association (CompTIA), a Chicago-based worldwide
group of IT professionals and companies.
Some organization reported security issues increasing by as much as 60
per cent, said Steven Ostrowski, director of corporate communication for
CompTIA. He said it is often more difficult to manage security for
laptops and mobile devices such as BlackBerry handhelds. Fossi
recommends that businesses set up strict policies about laptop and
mobile device use and beef this up with security tools.
4. Enforce effective password policies
This is a no-brainer but a large number of users forget to periodically
change passwords, often give them away or post them in the open, said
5. Configure mail server to filter e-mail
A lot of spyware and viruses can be avoided by setting mail servers to
block unauthorized or unwanted file attachments. Fossi said file
attachments commonly used to spread viruses include: VBS, BAT, EXE, PIF
and SCT files.
6. Train employees to be vigilant
Fostering a culture of security is often the best and cheapest defense,
said Fossi. The basics include: not opening attachments unless they are
expected or come from a trusted source, and avoiding downloading
software from the Internet unless it's authorized and scanned to be
7. Ensure emergency procedures are in place
Employees should be trained to recognize threats and coached on how to
respond to them. It is also very important to have a back-up and restore
system and procedure, said Fossi. "This gives you the ability to recover
data and get your network up and running in case an attack does get
Visit InfoSec News