WatchGuard has named the top ten security threats for small and medium sized businesses.
The company claimed that SMBs face multiple security threats with often limited resources to protect assets, data and customer information, and the ten main security threats are as follows;
1) Unpatched vulnerabilities open to known exploits - More than 90 percent of automated attacks try to leverage known vulnerabilities. Although patches are issued regularly, a short staffed SMB may likely fail to install the latest application updates and patches to their systems, leaving them vulnerable to an otherwise easily stopped attack.
2) Malicious HTML e-mail – Attackers are no longer sending e-mails with malicious attachments. Today, the threat is hidden in HTML e-mail messages that include links to malicious, booby-trapped sites. A wrong click can easily lead to a drive by download.
3) Reckless web surfing - Now more than ever, malware, spyware, keyloggers and spambots reside in innocuous looking websites. Employees who venture into ostensibly safe sites may be unknowingly exposing their business networks to extreme threats.
4) Compromised web servers - Many SMBs host their own websites without adequate protection, leaving their business networks exposed to SQL injections and botnet attacks.
5) Loss of portable devices - Much SMB data is compromised every year due to lost laptops, misplaced mobile devices and left behind USB sticks. Although encryption of mobile device data and use of strong passwords would mitigate many of these losses, many SMB users simply fail to secure their mobile devices and data.
6) Reckless use of public networks - A common ruse by attackers is to put up an unsecured wireless access point labelled, ‘Free Public WiFi' and simply wait for a connection-starved road warrior to connect. With a packet sniffer enabled, an attacker stealthily sees everything the employee types, and is then able to utilize that data for personal gain.
7) The unsecured home - In many small businesses, employees often take laptops home to work. In an unsecured home network environment, a business laptop can be dangerously exposed to viruses, attacks and malware applications.
8) Unchanged factory defaults - Hackers publish and maintain exhaustive lists of default logins (username and password) to nearly every networked device, and can easily take control of network resources if the default factory configuration settings are not changed.
9) Lack of contingency plans - One of the biggest threats to SMBs relates to the business impact of post-hack, intrusion or virus. Many SMBs lack a data loss response policy or disaster recovery plan, leaving their business slow to recover and restart operations.
10) Insiders - In many SMBs, business records and customer information is often entrusted to a single person. Without adequate checks and balances, including network system logs and automated reports, data loss from within can stretch over long periods of time.
Eric Aarrestad, vice president of Marketing at WatchGuard Technologies, said: “Security threats to SMBs are just as real as they are to enterprise organizations. The tragedy is that many SMBs are simply unaware of the unified threat management appliances that can combat these threats.”