Your business may be small, but you still need to think about protecting your important data and assets. According to Symantec's latest Internet Security Threat Report,
31% of all deliberately targeted hacker attacks are now aimed at SMBs, a 13% increase in just one year. Why? Simple: SMBs typically have less network
security than larger companies, and that makes them low-hanging fruit. Tech startups, accounting firms, legal practices, and other thriving SMBs can
be temptingly juicy, both for their own resources and as a convenient springboard for a larger attack. In fact, we have seen a couple of small businesses
be targets of payroll and banking attacks locally over the past 3 months.
Typically, hackers leapfrog over standard network security with social engineering. They gather data from social networking sites about a specific victim
within a company. Using that data, they craft email that looks like it originates from a known and trusted source ("spear phishing") or they spoof
or infect a website the victim visits frequently ("waterholing"). When the victim opens the email or visits the site, it launches sophisticated malware
that gives the hackers more access to the network so they can steal its data or use it to attack other targets.
In an era of socially engineered attacks, the best defense is to assume you're a target. You don't have to give up social networking sites. You do, however,
need to start thinking about your employees themselves as your first line of defense. Start by raising company-wide awareness about spear phishing,
waterholing, and other targeted attacks. After that:
-Develop comprehensive security policies and procedures
-Review those policies and procedures with employees.
-Enforce them without exception. No one, even your top officers, should be exempt.
-Re-evaluate them regularly to ensure they're up to date.
Xantrion stays on top of security trends and follows industry best practices for blocking known attacks and mitigating the damage from any that get through.
Let us help you evaluate your risks and develop policies and practices to manage them — call us to get started right away!