Many small to medium sized businesses (SMBs) mistakenly believe that because they have installed anti-virus software, their environment is secure. However, a recent patch from audio device vendor Sennheiser perfectly illustrates why this isn’t the case.
According to Ars Technica, the fix addresses a vulnerability “that kept private cryptographic key in a format that could be easily extracted,” allowing hackers to easily conduct man-in-the-middle attacks to steal credentials from unsuspecting victims. In other words, security issues don’t always result from malware or phishing attacks—sometimes they simply result from software flaws. Additionally, it shows that vulnerabilities can come from unlikely places, like the driver software for your new headphones.
Anti-virus software is, of course, an essential part of your security strategy. However, it’s not a catch-all. In fact, nothing is. A successful security strategy requires a comprehensive approach. For example, issues associated with the Sennheiser vulnerability could be avoided by implementing controls over what employees can install on company devices.
This is why we recommend a tiered approach to IT security. First, employee education is essential. Be certain that employees understand the risks of cyberattacks and practice safe online behavior. Second, in addition to installing anti-virus software and a business class firewall, be certain that all of your software is patched and up to date. Many viruses are designed to take advantage of known vulnerabilities, so keeping everything up to date is an important precaution. Third, as noted above, it its essential to maintain oversight of employee technology use. This can also prompt “teachable moments” that keep IT security top of mind. Finally, back up critical data, so you can recover any data that is compromised by ransomware or other malware.
If IT security is a pain point for your organization, you aren’t alone. Many SMBs struggle in this area. In fact, if you have identified security as a weak point, you are already ahead of many businesses. If you are serious about making your business more secure, you’ve got options. For example, some businesses develop security expertise in-house, others hire talent from outside the organization, and still others outsource IT security to a service provider. Many find it appropriate to invest in endpoint protection for employee laptops, tablets and other mobile devices. Carbonite Endpoint provides backup beyond antivirus and addresses concerns many companies have.
Whatever your choice, make sure you don’t make dangerous assumptions about IT security. Instead, make it a priority in 2019.