SMB Network Security - A Chink in Your Armour?15th Jul 2015
Working as I do in business networking, with a particular focus on security, I am always keeping up with news regarding security intrusions. But, it occurred to me that - given the huge increase in hacking stories over the past year or so, some that even made their way into the mainstream press - the non-tech focused people out there must have taken notice too.
Bear with me here, I know the title of this blog is about SMB Security, but just laying down a little context first…
The latest breach - a large scale attack on the US Government Office of Personnel Management (HR Dept.) -, which reports say went undetected for up to a year whilst someone (allegedly the Chinese Government) had their fingers and eyes well into some very important personnel data of 4m (yep really, 4 Million!) employee records.
The implications for the US Government are obviously huge as the data taken during this attack could be used in all kind of ways to exploit those at the source…and this is essentially what hacking is all about.
Is it all about money?
Often the aim of a hacker could be directly related to money, by gaining access to the targets’ financial records for instance, or taking data with a view to blackmailing the owner. Or, in the case of inter country hacking, the chance to gain an upper hand in worldwide power and influence and commercial prowess, which again ultimately leads back around to the power of the economy and thus, money.
Reading this story and similar ones about Sony and Microsoft et al, the misfortune and embarrassment it has brought upon them may make us chuckle and deride how incompetent these large organisations are, but as they are large faceless corporations or governments we don’t see the relevance it has to security in our own workplaces.
Pick on someone your own size
There are a lot of big networks to take a pot shot at and for hackers, whether criminally minded or driven by foreign governments, concentrating on these big targets can mean big kudos, big gains and lots of publicity. However this does not mean that smaller companies are not targeted for the same or similar reasons.
Commercial espionage is something actively pursued (whether they admit or not) by all governments, it’s not just the so called ‘bad guys’ and the criminal fraternity who are always looking for an angle to make money and sell what they can uncover.
Large corporations, and especially the Government, should have systems and procedures in place, not to mention large expensive IT teams who are meant to prevent these attacks. In contrast, smaller businesses will have smaller IT teams and of course smaller budgets. There may also be more demands on these small IT teams due to the multi-tasking requirements and reduced head count.
This potentially means that these smaller companies who may consider they are ‘under the radar’ when it comes to security attacks can become complacent or not be fully prepared to combat an intrusion. Consider for a minute that in 2014, 60% of small businesses fell victim to cybercrime, and you can see that the problem here is very real.
Hackers will potentially use this knowledge to focus on a ‘softer target’ on which to direct their attacks as, although the overall gains may not be as significant when attacking a smaller company, the ease of attack may be simpler and less time consuming.
In the super connected world we currently find ourselves in, where the traditional network perimeter is blurred and there is a direct need to provide connectivity and access to users often using their own devices from home or across insecure Wi-Fi from anywhere in the world, we open up the window for potential network compromise.
Small businesses also do not work on their own and may often have secure VPN connections between themselves and the larger corporations they work with in order to gain access to shared systems. A compromise of the smaller company could provide the conduit needed to gain access to the larger company; effectively the soft underbelly of the large company could be the smaller inter-connected company.
Employee and End-User education
If you have ever studied the logs of the outside interface of your network firewall you will see continual probes, scans and attacks looking for that all important route into your network.
Securing your network from these attacks is only the first step. Educating users to better understand the risks and to be savvy about not clicking hacker bait is important too, along with strong policies on how to operate securely.
Most importantly, as users will always do something silly at some point, the IT team must have systems in place that can provide protection prior to an attack, alert you during an attack and allow you to remediate and clean up after the event. These capabilities are crucial and the advanced functions available in Next Generation Firewalls is a good place to start.
Doing this with a limited budget and with limited time and resource can be a challenge but it is one that should be undertaken to ensure your important commercial data stays secure.
If you'd like to find out more about Network Security Solutions for Small Businesses, Ensign's technical team have a great deal of experience in the areas; call them on 01929 556 553 or email email@example.com.
You may also find this Small Business Network Cybersecurity Series from the Guardian has some useful information.
If you are planning to deploy an enterprise-grade wireless network or are experiencing problems with a existing setup, please feel free to contact Ensign Communications for a chat with our technical team.