When business information is on the line, your entire organisation is at risk, particularly as a small business. You can’t afford to let complacency be the hallmark of your security strategy, and you can’t think you’re invisible to the bad guys. For SMBs that use Macs to fuel their businesses taking the appropriate steps to protect their information is now a necessity.
Walk into any business today, either large or small, and it’s not difficult to find an Apple device sitting on a desk somewhere. In fact for the first time, Apple has recently become the second largest PC vendor in New Zealand, according to analyst firm IDC ? providing an insight into the scale of Apple penetration locally.
The Mac community has grown enormously in the last decade ? and now cybercriminals are taking notice, as evidenced by the recent Flashback outbreak. The Flashback virus, which targets a Java vulnerability in Mac OS for which Apple has since issued a security update, spread quickly.
This Trojan infected upwards of half a million Mac machines, including some in New Zealand, which created a large botnet to transfer information back to the cybercriminals. While Apple responded quickly with a security update to address this issue, Flashback should be a wake-up call for SMBs ? malware authors now consider Mac computers a viable battleground along with the Windows platform. In an analysis of W32.Xpaj.B last August a botnet measuring in the region of 25,000 infections could generate the author up to US$450 per day. Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of US$10,000 per day. However, Symantec has identified new Java Applet malware that targets this same Mac vulnerability and Windows at once ? it checks which OS the machine is running on and downloads a suitable malware for the OS.
Complete Information Protection for SMBs
What should small business owners be doing to protect their information from the latest threats to Mac and Windows machines? The answer is a combination of technology and policy.
- Deploy a reliable security solution throughout your organisation ? on Mac and Windows endpoints. Today’s security solutions do more than just prevent viruses. They scan files regularly for unusual changes in file size, programs that match the software’s database of known malware, suspicious email attachments and other warning signs. It’s the most important step small businesses can take toward keeping computers clean of malware.
- Keep your security software current and your OS and third-party applications updated with the latest patches. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
- Develop security policies and educate employees about internet safety, security and the latest threats. Train your employees to be wary of email attachments, links from unknown sources and unusual software update requests. Most infections can be prevented by adhering to organisational policy and exercising caution.
- Enforce strong password policies. Maintaining strong passwords will help you protect the data if a device is lost or hacked. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Have employees change their passwords on a regular basis, at least every 90 days.
- Implement encryption technologies on desktops, laptops and removable media. With encryption, your confidential information is protected from unauthorised access, providing strong security for intellectual property, customer and partner data.
- Protecting information is more than implementing an antivirus solution. Backup and recovery is a critical component of complete information protection to keep small business desktops, servers and applications running smoothly in case of disruption – whether it’s a flood, an earthquake, a virus, system failure or human error.
- Regularly check your defences to be sure everything is working properly.
The internet is shrinking the world of business, allowing small businesses to connect with customers everywhere, but it also brings security risks to SMBs. Regardless of your situation, the size of your business or whether you’re on a Mac or Windows systems, it’s time to start securing your information. If you’re concerned that you may be infected with Flashback, Symantec has provided a free detection and removal tool for download here.
Chris Russell is the SMB manager for Symantec.cloud