Last week on July 19th we held a Twitter chat — and achieved a “personal best” for the Small Business Trends community. Our #SMBchat made it as the top trending topic on Twitter. And we’ve got the screenshot to prove it! Thanks to all who participated and made it a huge success.
The topic was “Targeted Cyber Attacks, No Longer a Big Biz Problem” and we were fortunate to have two world-class security experts from Symantec join us:
- Kevin Haley, Director, Symantec Security Response, Symantec – @kphaley
- Andrew Singer, Director of Product Marketing, Symantec - @SymantecSMB
Many thanks to Symantec for making the experts available and for sponsoring this chat!
As usual, we bring you a sampling of some of the interesting and insightful tweets. Yours truly, Anita Campbell (@Smallbiztrends) was asking the questions of our expert guests and the community:
Q1: How likely is it that a small business will face a malicious cyber attack?
- 36% of all cyber attacks target small businesses. Poll by @Symantec PDF here: http://t.co/hAhGY1xg - @TJMcCue
- 50% of SMBs think they’re not a target for cyber attackers, but 73% have been victims of cyber attacks: http://t.co/Vr5Ym3uU - @SymantecSMB
- Can it be 100% likely? Isn’t it already happening? - @DIYMarketers
- Extremely likely. Just looking at WordPress-based sites, 78% sites old versions. All things insecure out of the box insecure. - @dynamicnet
- I’ve had to alert 3 clients that their Websites were hacked. They didn’t know because it’s not their homepage! – @PeggyDuncan
- Symantec blocked more than 5.5 billion attacks in 2011, an increase of 81 percent over the previous year – @SymantecSMB
Q2: What are the most common types of malicious cyber attacks that small businesses face?
- Interesting things happening with targeted attacks. They’re becoming everyone’s problem, not just govs. & enterprises – @SymantecSMB
- My email account was hacked and I might need to stop using it because I can’t get it fixed…. – @BasicBlogTips
- Malware comes attached in spam. But Web-based attacks, drive-by downloads: http://bit.ly/LwyWTV are very prevalent. - @KPHaley
- Increased data usage means everyone is challenged to apply secure processes. Threats to bigbiz = threats to smallbiz - @ZimanaAnalytics
- Once you get hacked, spammers use your site as the staging ground for their spam efforts. – @robert_brady
Q3: If small businesses use Macs, instead of PCs, do they need to worry about cyber attacks and malware? Why or why not?
- SMBs using Macs must take steps to protect info: http://bit.ly/Q2MyIc - @KPHaley
- I have Mac and I am not very worried after I checked if I had the Flashback malware. But I will look out for a good protection. – @Lyceum
- Mac users as well as PC users are both targets. Just this year alone, Mac has been heavily targeted by malware and virus – @dynamicnet
- Virtualization software for running Windows on a Mac can be just as vulnerable as a PC - @ZimanaAnalytics
- From a security standpoint treat your Mac like a PC, protect it. - @KPHaley
- Shortened links make it tough to know where you’re going to land. Malware authors love that too. - @KPHaley
Q4: What are the top steps SMBs can take to stay safe from Internet-based threats?
- Deploy reliable security solution on both Windows and Mac endpoints. Keep security software & OS updated with latest patches. – @SymantecSMB
- I like 7 Tips for Protecting SMB’s Information: http://bit.ly/Q2MyIc Nice overview. - @KPHaley
- Keep site applications up to date. Use secure, unique per application passwords – http://t.co/NzZYDJpv might help. – @dynamicnet
- Make sure you back up your website AND your computer network – to more than one device or service. – @HowardLewinter
- Educate employees about Internet safety, train to be wary of email attachments, links from unknown sources – @SymantecSMB
- Bad guys [are] like roaches, they run when light shined on them. Lists get out of date quickly. – @KPHaley
Q5: What is a “Comprehensive Security Plan” and how does a small biz create one?
- SMBs first need to know what they need to protect. It’s important to understand your risk and assess your security gaps – @KPHaley
- Your security plan should include password policies, endpoint protection, secure email and Web assets, encryption and backup. - @KPHaley
- Plan should include how when (since nothing is hacker proof) hacks, malware, etc. get in, then what (time, money)? – @dynamicnet
- If the bad person knows you use just one centralized system.. you now made their life so much easier. Layers matter. - @dynamicnet
- #SMBChat is happening right now on SMB security, worth following the conversation. – @Bislr
Q6: What if despite prevention efforts, your business gets hit with a malware attack. What steps should you take to recover?
- Encourage employees to come forward immediately if they spot a virus or malware, rather than try to resolve it themselves. – @SymantecSMB
- Hopefully you have been maintaining a proper backup. Then you can roll back to previous. – @robert_brady
- Assess the damage. Determine reporting requirements. Report as applicable. Recover, Debrief for what needs to improve. – @dynamicnet
- @robert_brady Great point about backup! If infected roll back to last known good backup. – @SymantecSMB
- 61 percent don’t even have a written plan, according to @Symantec – so, do that first to have a security process. - @TJMcCue
- In the same thought, 1 in 10 SMBs have suffered from a data hack http://www.darkreading.com/smb-security/167901073/security/news/240003962/one-in-10-smes-have-suffered-from-a-data-hack.html – @port80software
Q7: Passwords are a problem, especially as cloud apps grow all requiring passwords. What are some best practices?
- Strong passwords have 8 characters or more and use combination of letters, numbers & symbols. – @KPHaley
- People like to use the same password to access personal & business resources. Do NOT re-use passwords. - @KPHaley
- Passwords should be unique per application. http://t.co/NzZYDJpv might help for how to create passwords. - @dynamicnet
- Bad guys love re-used passwords. - @KPHaley
- We require auto password changes every 90 days. Employees cannot share password info – @BasicBlogTips
- At BARE minimum, have strong email & banking passwords different from each other & social media passwords – @CathyWebSavvyPR
Q8: If you don’t have internal IT or have limited staff, how do you get help for your biz?
- Cloud-managed security is a great option for SMBs with limited IT staff. Learn about Symantec’s SMB: http://bit.ly/NfVHN9 – @SymantecSMB
- Most infections can be prevented by adhering to organizational policy and exercising caution, so employee training is critical. – @SymantecSMB
- Small biz with no IT can often get help from chamber of commerce, fellow small biz, why even twitter. However, confirm facts. - @dynamicnet
- Cloud-managed security is great option 4 SMBs w limited IT staff. - @DIYMarketers
- Make sure you’re working with an expert BEFORE you have a problem – not just cyber issues but anything that’s important 2 biz. – @HowardLewinter
- Great to see #SMBChat trending - @michaelsharkey
- Thanks for the #SMBchat security discussion - @NoahJS
- We enjoyed reading all the commentary during the #SMBChat It’s great to see people connecting and discussing - @BusinessDotCom
- Tip: If you liked what someone said on a chat, follow them, connect later this week; cld be yr next client or biz partner! - @CathyWebSavvyPR
See also the recap on the Symantec blog.
Note: to make the recap easier to read, tweets above have been edited to remove redundant information, such as hashtags and answer numbers, and fix obvious misspellings. The above represents only a small portion of the tweets — it is intended to cover key highlights for reader convenience.