With Windows the most popular environment for many small businesses, threats that target Windows programs or applications are a particular concern. This includes Microsoft Internet Explorer (IE). According to the report, IE was the most frequently targeted Web browser during the first half of 2006, and it had the second highest number of vulnerabilities. Browser vulnerabilities are cause for concern since they play a role in online fraud attempts and in propagating spyware and adware. Attacks targeting IE accounted for 47 percent of all attacking computers. Thirty-eight new IE vulnerabilities were documented during the first six months of the year; that marks a 52 percent increase over the number documented in the previous period.

Proactive Protection

Clearly, in the wake of such trends, small businesses must continue to adopt new practices and technologies in order to stay a step ahead. For example, taking a layered, defense-in-depth approach to security and using a solution that integrates antivirus along with a firewall, intrusion detection, and antispyware on servers, desktops, and mobile devices provides a highly effective deterrent to many of today’s threats.

Because Internet threats are often delivered via spam, small businesses can also reduce their risk through the use of antispam protection at all levels. Antispam software scans incoming email messages sent to mail servers, then compares common characteristics of the spam to each incoming message in order to determine whether that message should be flagged as spam and filtered to a separate folder. By filtering out spam and allowing legitimate messages to reach employees, this software not only reduces spam but also increases the productivity of IT resources.

To protect servers, small businesses can harden operating systems by configuring them for maximum security rather than using default configurations. Unnecessary tools and utilities should be removed and patches should be installed to the operating system as fixes to newly discovered security vulnerabilities are made available.

Small businesses can also protect the security and availability of their information by installing access controls on servers, including encryption of all login sessions. Also, allocating servers for specific purposes can improve security. By identifying Web servers and email servers as public servers and file and database servers as private servers, these systems can be more appropriately configured.

One of the most effective steps small businesses can take toward ensuring the safety and accessibility of their data is to do regular backups. While traditionally backups have been written to magnetic tape, other options are now available to make backups easier and more reliable. Disk-based backup, for example, is fast becoming the preferred backup choice for many small businesses because of its cost effectiveness and ability to provide continuous data protection.

Of course, no backup system is effective unless data and systems can actually be recovered. As a result, it is also essential that small businesses have tools in place to restore servers from a bare-metal state in minutes rather than hours or days. These tools should also enable the scheduling of full or incremental recovery points hourly, daily, weekly, or at any given point in time in order to ensure more complete data and system protection.

With proactive practices and advanced toolsets in place, small businesses can protect their information assets, even as the Internet threat landscape becomes increasingly complex and challenging. By ensuring the security and availability of their data and systems, they are also helping safeguard the continuity and profitability of their entire business.

« Previous page | 1 | 2