Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News & Articles

June 9, 2009 |

Cybercrime Countermeasures: Essentials for the IT Pro’s Toolbox

From sticky-fingered employees to Web-based malware and vulnerable VPNs, security threats lurk. Here’s how to fight back.

Like rust, cybercrime never sleeps. Indeed, though businesses have spent billions of dollars and countless hours shoring up their IT defenses, security threats continue to proliferate. “We’re seeing more and more malware attacks than ever before,” says Adam Hils, a principal research analyst and SMB security expert at Gartner Inc.

Worse yet, many of your clients are probably at risk. According to Hils, most SMBs figure that a desktop anti-virus program, a network firewall, and perhaps some Web filtering software are all the protection they need. In truth, however, fending off today’s continually evolving array of often fiendishly clever exploits requires more sophisticated tools and techniques.

And that’s where you come in. Here’s a look at some of the latest and most menacing security trends–and the countermeasures you can use to keep your customers safe.

THE INSIDER THREAT
Today’s brutal economy is driving up layoffs, leaving businesses even more vulnerable than usual to disgruntled employees making off with confidential information. “It’s a universal problem,” warns JG Chirapurath, director of identity and security at Redmond, Wash.-based Microsoft Corp. Chirapurath advises channel pros to help their clients develop an end-to-end data loss prevention strategy that includes digital rights management (DRM) software. DRM systems can prevent outgoing staffers from viewing, emailing, or copying sensitive files.

Activity monitoring solutions offer further protection from sticky-fingered employees with pink slips. Available from vendors such as Imperva Inc. and Application Security Inc., these products enable managers to keep a close eye on who is accessing what on their network.

THE OUTSIDER THREAT
Employees aren’t the only ones showing heightened interest in restricted data lately. Business rivals are increasingly taking uninvited peeks at marketing plans, customer records, and product designs too. “The market is dog-eat-dog. As companies are fighting to stay alive [they] will go to any extreme to get the goods on their competitors,” observes Bradley Dinerman, a security specialist and president of Fieldbrook Solutions LLC, an IT consultancy in Ashland, Mass.

Identity and access management applications and intrusion detection products can help safeguard your clients’ networks, but many SMBs find them too pricey. Strong, or “two-factor,” authentication technologies from providers such as Aladdin Knowledge Systems Ltd. present a more affordable-though less comprehensive-alternative. Using tokens and biometrics, such systems help ensure that only authorized persons gain access to network resources.

Security policy management solutions from companies such as Tufin Software Technologies Ltd. and AlgoSec Inc. are another reasonably priced way to keep outsiders out. Such products help you cleanse a client’s firewall of unused or redundant rules that intruders can use to sneak onto a network.

WEB-BASED ASSAULTS
According to Gartner, as many as 70 percent of U.S. and European companies use filtering software to keep employees away from Web sites that display content unfit for the workplace. Yet just 15 percent of businesses run malware-filtering products that automatically block sites harboring malicious code. Too bad, then, that some 85 percent of malware is now distributed through the Web, according to a separate study conducted by security vendor Webroot Software Inc. of Boulder, Colo. Webroot’s hosted malware-filtering service is one of many cloud-based and on-premise offerings that make smart complements to anti-virus and anti-spyware products.

Of course, it’s not just other people’s Web sites that your clients need to worry about. Their own Web sites may be putting them at risk too. Hackers have recently discovered that Flash, Silverlight, and Java applications commonly found on corporate Web sites often contain glaring vulnerabilities. “In a lot of cases the actual user names and passwords to particular Flash applications are embedded in the code,” notes Michael Montecillo, a principal analyst at Enterprise Management Associates Inc. Skillful attackers rarely have trouble ferreting out such information.

The best way to protect your clients is by helping them remove weak code from their Web applications before the bad guys can find it. Products aimed at assisting with that task are slowly reaching the market. HP, for example, recently introduced a free tool called SWFScan that searches Flash applications for security flaws.

SOCIAL NETWORKING HAZARDS
Facebook, Twitter, and other social networking sites are rapidly becoming workplace mainstays. Along the way, however, they’re also exposing businesses to new security perils. “There are lots of vulnerabilities in those social networking platforms that SMBs don’t understand,” says Gartner’s Hils.

Chief among them: users who thoughtlessly disclose privileged information to their online buddies. Unfortunately, it’s a difficult risk to address. You can help customers block access to social networking sites at work, but it’s sure to hurt morale and won’t stop people from spilling the beans after hours. Experts say that teaching employees about the dangers of social networking is usually a more effective strategy. “Training goes a long way,” notes Carol Baroudi, research director for security at analyst firm Aberdeen Group. “Some people will actually not do what they’re told not to do.”

RISKS ON THE ROAD
Odds are good your customers are as devoted to their BlackBerrys and iPhones as you are. But like all smartphones, those wildly popular devices pose security dangers.

Loss and theft are the most common risks, since mobile devices usually contain sensitive business information. To protect your clients, start by ensuring that every employee has enabled his or her phone’s login password feature. Then make certain that data on everyone’s mobile device is encrypted. Some smartphones come with built-in encryption capabilities, and third-party encryption products are available from companies such as Airscanner Corp. and Utimaco Inc.

Finally, equip your clients with a “nuclear option,” in case all else fails. “Remote wipe” technologies enable you to scrub all data from a lost or stolen smartphone. BlackBerry offers a remote wipe feature, and Microsoft Exchange Server comes with similar functionality. You can also get remote wipe add-on products from GuardianEdge Technologies Inc., Absolute Software Corp., and many other vendors.

TELECOMMUTING THREATS
There’s no beating the convenience of connecting to headquarters from home or the nearest Starbucks. But as corporate firewalls become harder to penetrate, cyberthieves are turning their attention to remote work sites. “Bad guys are figuring out [that] maybe they should attack those least-defended parts of the network,” Gartner’s Hils says. For instance, telecommuters often neglect to password-protect the wireless router in their home offices. “Someone can sit outside your house and hijack your home network and go into the corporate network,” Hils warns.

Fortifying your clients’ VPN technology can mitigate their exposure to such risks. To save money, many SMBs use low-budget VPN products based on the venerable IPSec protocol. Systems based on Secure Sockets Layer (SSL) VPN technology, however, offer superior authentication and encryption. SonicWall Inc. and Netgear Inc. are two of many vendors offering SSL VPN solutions that any SMB can afford.

THE DANGERS OF COMPLEXITY
Daunted by the prospect of deploying and maintaining so many different security technologies? You’re not alone. “People are starting to get tired of trying to manage all those things separately,” says Michael Argast, a security expert with U.K.-based IT security and control firm Sophos Plc. That’s why unified threat management (UTM) solutions are rapidly gaining popularity among SMBs. UTM products combine intrusion prevention, Web filtering, VPN, and other defensive functions in a single integrated package. Fortinet Inc. and WatchGuard Technologies Inc. are just two companies with modestly priced UTM systems.

Software-as-a-service and managed security offerings from providers such as Symantec Corp. and Trend Micro Inc. are winning fans in the SMB space for similar reasons. These services enable channel pros to both simplify and strengthen security for their clients in one fell swoop.

Whatever you do, though, make sure your clients don’t use the ailing economy as an excuse to shortchange their security efforts. “It’s important for organizations to recognize that security is a must-have. It’s not like you can close three out of four doors,” notes Baroudi. Recession or no recession, cybercrime marches on.

Related News & Articles

Growing the MSP

Editor’s Choice


Explore ChannelPro

Events

Reach Our Audience