Great, you may be thinking, now that it’s 2009 I’ll be getting a smart phone to use for work.
Just great, your IT manager may be thinking, now that it’s 2009 they’ll be getting smart phones to use for work.
IT experts predict a substantial uptick this year in the number of small businesses using smart phones -- as well as flash drives, social networks, and faster Internet connections. While that might make employees more productive, it also increases the security risks a small business faces.
Last year saw the start of a new wave of cyber crime that put spam on smart phones, phishing and virus attacks on Facebook, and even malware on flash drives, according to IT security experts. Those threats will only increase this year, says Derek Manky, a cyber-security project manager at Fortinet, a manufacturer of intrusion protection systems and other IT security equipment.
Small businesses are at greater risk because chances are they have fewer IT staff and don’t take as many precautions to avoid threats, says Brett Scudder, an IT security consultant and proprietor of IT Security Suite Network in New York City. “We’re seeing a lot more work coming from” small businesses, Scudder says.
IT security trends in 2009
According to Manky, Scudder and other computer security experts, here are trends to watch in 2009:
3G phones -- Web-enabled smart phones and the 3G networks they run on will become the newest playground for cyber criminals, who started launching worm attacks on cell networks last year. “2009 won’t necessarily open the flood gates, but it is an indication that this will be a significant trend and will overflow in 2010,” Manky says
Social networks and online games -- More worms and viruses circulating on Facebook and other social networks as well as on online games will jump to company networks as employees use laptops or home PCs for work and pleasure without having proper security measures in place.
USB storage devices -- As use of flash drives and USB memory cards grows, so will the appearance of worms and malware that hop on for the ride, and then infect inadequately protected company networks.
Databases -- Cyber criminals will continue breaking into networks to launch botnets, but also to go after specific information stored in databases there, including Social Security and credit card numbers and bank account information -- data they can sell on the Internet black market.
Faster Internet connections -- As 10 gigabyte Ethernet connections go from luxury item to commonplace network pipe, companies’ existing security measures will have trouble keeping up with the increase in volume, making networks more vulnerable to attack. “The shear volume of traffic will make it difficult to identify what’s good traffic and what’s malicious,” says Anthony James, senior vice president with Fortinet, the IT security hardware company.
The economy -- Due to the recession, IT departments will be asked to maintain current service levels with the same or less money. As a result, interest should pick up in integrated security hardware and software that performs several functions, such as combination intrusion protection systems and firewalls.
SIDEBAR: Protect Your Small Business from Threats
In light of many potential threats, what can a small business do?
Create and maintain strong IT security policies. Update written policies with information on newer technologies such as smart phones and flash drives so employees know what they can and can’t do. Include rules covering how employees can log onto company networks, for example, either from an official company machine or one that’s passed certain security requirements.
Restrict access. Block employees’ ability to log onto high-risk types of websites or domains, such as peer-to-peer networks, where the risk of picking up viruses or malware is greater.
Patch early and often. Regularly install patches and updates from Microsoft, anti-virus, firewall, and other security vendors for desktop machines, laptops, and servers.
Educate employees. Having policies isn’t enough. Companies need to use every means possible to inform employees about them, including listing them in employee handbooks, newsletters, e-mail bulletins and on a company’s website, wiki, or blog.