Targeted Cyber Attacks Against Small Biz: Chat Recap

Last week on July 19th we held a Twitter chat — and achieved a “personal best” for the Small Business Trends community.  Our #SMBchat made it as the top trending topic on Twitter.  And we’ve got the screenshot to prove it!  Thanks to all who participated and made it a huge success.

The topic was “Targeted Cyber Attacks, No Longer a Big Biz Problem” and we were fortunate to have two world-class security experts from Symantec join us:

• Kevin Haley, Director, Symantec Security Response, Symantec – @kphaley
• Andrew Singer, Director of Product Marketing, Symantec – @SymantecSMB

Many thanks to Symantec for making the experts available and for sponsoring this chat!

As usual, we bring you a sampling of some of the interesting and insightful tweets.  Yours truly, Anita Campbell (@Smallbiztrends) was asking the questions of our expert guests and the community:

Q1: How likely is it that a small business will face a malicious cyber attack?

• 36% of all cyber attacks target small businesses. Poll by @Symantec PDF here: http://t.co/hAhGY1xg  – @TJMcCue
•  50% of SMBs think they’re not a target for cyber attackers, but 73% have been victims of cyber attacks: http://t.co/Vr5Ym3uU  – @SymantecSMB
• Can it be 100% likely? Isn’t it already happening?  – @DIYMarketers
• Extremely likely. Just looking at WordPress-based sites, 78% sites old versions. All things insecure out of the box insecure.  – @dynamicnet
• I’ve had to alert 3 clients that their Websites were hacked. They didn’t know because it’s not their homepage! – @PeggyDuncan
• Symantec blocked more than 5.5 billion attacks in 2011, an increase of 81 percent over the previous year – @SymantecSMB

Q2: What are the most common types of malicious cyber attacks that small businesses face?

• Interesting things happening with targeted attacks. They’re becoming everyone’s problem, not just govs. & enterprises – @SymantecSMB
• My email account was hacked and I might need to stop using it because I can’t get it fixed…. – @BasicBlogTips
• Malware comes attached in spam. But Web-based attacks, drive-by downloads: http:/bit.ly/LwyWTV are very prevalent. – @KPHaley
• Increased data usage means everyone is challenged to apply secure processes. Threats to bigbiz = threats to smallbiz  – @ZimanaAnalytics
• Once you get hacked, spammers use your site as the staging ground for their spam efforts. – @robert_brady

Q3: If small businesses use Macs, instead of PCs, do they need to worry about cyber attacks and malware? Why or why not?

• SMBs using Macs must take steps to protect info: http://bit.ly/Q2MyIc  – @KPHaley
• I have Mac and I am not very worried after I checked if I had the Flashback malware. But I will look out for a good protection. – @Lyceum
• Mac users as well as PC users are both targets. Just this year alone, Mac has been heavily targeted by malware and virus – @dynamicnet
• Virtualization software for running Windows on a Mac can be just as vulnerable as a PC  – @ZimanaAnalytics
• From a security standpoint treat your Mac like a PC, protect it.  – @KPHaley
• Shortened links make it tough to know where you’re going to land. Malware authors love that too. – @KPHaley

Q4: What are the top steps SMBs can take to stay safe from Internet-based threats?

• Deploy reliable security solution on both Windows and Mac endpoints. Keep security software & OS updated with latest patches. – @SymantecSMB
• I like 7 Tips for Protecting SMB’s Information: http://bit.ly/Q2MyIc Nice overview. – @KPHaley
• Keep site applications up to date. Use secure, unique per application passwords – http://t.co/NzZYDJpv might help. – @dynamicnet
• Make sure you back up your website AND your computer network – to more than one device or service. – @HowardLewinter
• Educate employees about Internet safety, train to be wary of email attachments, links from unknown sources – @SymantecSMB
• Bad guys [are] like roaches, they run when light shined on them. Lists get out of date quickly. – @KPHaley

Q5: What is a “Comprehensive Security Plan” and how does a small biz create one?

• SMBs first need to know what they need to protect. It’s important to understand your risk and assess your security gaps – @KPHaley
• Your security plan should include password polices, endpoint protection, secure email and Web assets, encryption and backup. – @KPHaley
• Plan should include how when (since nothing is hacker proof) hacks, malware, etc. get in, then what (time, money)? – @dynamicnet
• If the bad person knows you use just one centralized system.. you now made their life so much easier. Layers matter.  – @dynamicnet
• #SMBChat is happening right now on SMB security, worth following the conversation. – @Bislr

Q6: What if despite prevention efforts, your business gets hit with a malware attack. What steps should you take to recover?

• Encourage employees to come forward immediately if they spot a virus or malware, rather than try to resolve it themselves. – @SymantecSMB
• Hopefully you have been maintaining a proper backup. Then you can roll back to previous. – @robert_brady
• Assess the damage. Determine reporting requirements. Report as applicable. Recover, Debrief for what needs to improve. – @dynamicnet
• @robert_brady Great point about backup! If infected roll back to last known good backup. – @SymantecSMB
• 61 percent don’t even have a written plan, according to @Symantec – so, do that first to have a security process.  – @TJMcCue
• In the same thought, 1 in 10 SMBS have suffered from a data hack http://www.darkreading.com/smb-security/167901073/security/news/240003962/one-in-10-smes-have-suffered-from-a-data-hack.html  – @port80software

Q7: Passwords are a problem, especially as cloud apps grow all requiring passwords. What are some best practices?

• Strong passwords have 8 characters or more and use combination of letters, numbers & symbols. – @KPHaley
• People like to use the same password to access personal & business resources. Do NOT re-use passwords. – @KPHaley
• Passwords should be unique per application. http://t.co/NzZYDJpv might help for how to create passwords. – @dynamicnet
• Bad guys love re-used passwords. – @KPHaley
• We require auto password changes every 90 days. Employees cannot share password info – @BasicBlogTips
• At BARE minimum, have strong email & banking passwords different from each other & social media passwords – @CathyWebSavvyPR

Q8: If you don’t have internal IT or have limited staff, how do you get help for your biz?

• Cloud-managed security is a great option for SMBs with limited IT staff. Learn about Symantec’s SMB: http://bit.ly/NfVHN9 – @SymantecSMB
• Most infections can be prevented by adhering to organizational policy and exercising caution, so employee training is critical. – @SymantecSMB
• Small biz with no it can often get help from chamber of commerce, fellow small biz, why even twitter. However, confirm facts. – @dynamicnet
• Cloud-managed security is great option 4 SMBs w limited IT staff.  – @DIYMarketers
• Make sure you’re working with an expert BEFORE you have a problem – not just cyber issues but anything that’s important 2 biz. – @HowardLewinter

---

More in: Cybersecurity 6 Comments ▼

---