The SMB Security Series: How to Protect Your Business from Malware, Phishing, and Cybercrime
by Dan Sullivan
SYNOPSIS
Not all businesses have the luxury of a dedicated security team that manages endpoint security, monitors networks for malicious traffic, or routinely scans for vulnerabilities. Many rely on a handful of system and application administrators who are equally adept at managing email and database servers as they are soliciting business requirements and training end users. They also know something about security but unfortunately they do not have the time or the resources of cybercriminals. Malware, spam, phishing attacks, and directed hacking attacks are part of everyday life in IT. The SMB Security Series: How to Protect Your Business from Malware, Phishing, and Cybercrime explains the state of malware and cybercrime today and outlines methods for responding to these threats without demanding inordinate amounts of time or expertise.
CHAPTER PREVIEWS
Article 1: Malware, Phishing, and Cybercrime - Dangerous Threats Facing the SMB
Malware, phishing and other cybercrime threats have become a persistent problem for businesses. Many organizations do not have the luxury of a dedicated security team that manages endpoint security, monitors networks for malicious traffic, or routinely scans for vulnerabilities. Many rely on a handful of system and application administrators who are equally adept at managing email and database servers as they are soliciting business requirements and training end users. They also know something about security but unfortunately they do not have the time or the resources of cybercriminals. Malware, spam, phishing attacks, and directed hacking attacks are part of everyday life in IT. This Essential Series explains the state of malware and cybercrime today and outlines methods for responding to these threats without demanding inordinate amounts of time or expertise.
Large enterprises are obvious targets of cybercriminals. The well-known security company RSA was recently the target of an advanced persistent threat that sought to steal information about the company's security devices. One of the key steps in that attack was a phishing email message. When an employee opened a spreadsheet attached to the message, malicious code ran that enabled the attacker to install remote control software. From there, the attacker was able to monitor the user's activities and infiltrate other devices on the network.
Cybercriminals do not limit themselves to attacking large businesses. Small and midsized organizations may have valuable information, such as financial data, as well as computing and storage resources attackers can use for other exploits.
Article 2: Securing Endpoints without a Security Expert
Businesses have to protect their endpoint devices from a wide range of security threats. Fortunately, we do not have to be specialized security experts to get the job done if we understand some of the fundamental issues of securing our business systems. In this article, we examine how to implement and maintain endpoint security with particular emphasis on:
- The changing landscape of endpoint devices
- Core requirements for endpoint security
- Management requirements for maintaining endpoint security
Article 3: Streamlining Web and Email Security
The Web and email systems are digital gateways into your business. Your customers and business partners can make use of your Web applications to conduct business with you, and many depend on email for communications. These are valuable assets to any business, but they are also the means by which attackers can gain access to your systems and your confidential information. In today's business environment, it is imperative that you protect your Web-based assets and secure your email systems to mitigate the risk from well-known threats such as malware, spam, phishing, and data loss.
In this final essay in The SMB Security Series: How to Protect Your Business from Malware, Phishing, and Cybercrime, we describe threats to your systems and provide guidelines for protecting those systems. In particular, we will examine:
- Malware and attacks entering your system
- Protecting network traffic
- Resources for addressing security risks
- An executive checklist for evaluating options