Many SMEs unaware of risk factor

02/09/2003 - 22:00


MANY small and medium-sized businesses don’t believe they are at a high risk from hackers, and with limited IT budgets the cost of security is a major drawback in SMEs’ ability to protect themselves.

However, the truth is that many hackers select targets at random, which makes SMEs as much of a target as larger companies.

Further, Microsoft is a major target for hackers because of its large number of vulnerabilities and because its widespread market share allows maximum impact.

According to a recent Gartner report, up to 90 per cent of SMEs run Windows on their servers, 80 per cent are using Outlook and Exchange for email, and 70 per cent are using SQL databases.

This means that most SMEs are prime targets for hackers because they are running Microsoft.

A lot of SMEs may have fallen victim to hackers already, with many not knowing if and when they have been hit.

The good news is that there are some low-cost strategies that are particularly effective for SMEs to beef up IT security.

• Create an IT security policy and enforce it.

• Educate system administrators and all employees on security policies and procedures — without a policy, employees won’t be aware of the dangers or their responsibilities.

• Ensure your system administrator is updating security patches — on a daily basis if necessary.

• Update virus signatures daily or more frequently.

• Scan for viruses on the server, and on all systems using the latest signatures to ensure they haven’t already been infected.

• Don’t give employees administrative access to their PCs.

• Install personal firewalls on every laptop.

• Consider blocking potentially dangerous attachments from outside the enterprise, which would include anything apart from .zip, .doc, .xls, .pdf and .ppt extensions. Files can be blocked from your email server.

• Examine security practices for remote access including dial-up lines, extranets and virtual private networks.

• Protect every Internet connection with a certified firewall.

• Block every port that your business does not require to be open.

• Outsource perimeter security to a managed security service provider if necessary.
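
The attachment allowlist recommended in the list above, as an added example that is not part of the original article: a Python check of the kind a mail gateway could apply, using the five extensions the article names. The function names, addresses and sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Allowlist taken from the article's recommendation.
ALLOWED_EXTENSIONS = {".zip", ".doc", ".xls", ".pdf", ".ppt"}


def attachment_allowed(filename):
    """Return True only if the file's final extension is on the allowlist."""
    # Windows ignores trailing dots and spaces, so "a.exe." opens as "a.exe".
    name = filename.strip().rstrip(". ").lower()
    # Only the last extension counts: "invoice.pdf.exe" is an .exe file.
    ext = os.path.splitext(name)[1]
    return ext in ALLOWED_EXTENSIONS


def blocked_attachments(raw_message):
    """Return the attachment filenames this policy would block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        # Attachments with no filename have no allowed extension: block them.
        if not attachment_allowed(filename):
            blocked.append(filename or "(unnamed)")
    return blocked


def build_sample():
    """Constructed sample message with four dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Budget.XLS", "invoice.pdf.exe", "update.exe."):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A filename check like this does not look inside an allowed .zip or at the contents of a .doc, so it complements the virus scanning recommended above rather than replacing it.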
