Businesses fall short on cyber-security

By Jane Dickson,
Regional general manager for managed partners in Microsoft’s Small and Mid-market Solutions and Partners (SMS&P) group

Most of us are conditioned to perform certain safety routines whenever we leave our homes and our automobiles. We lock the doors and windows and make sure valuables aren’t sitting out, visible to passersby.  Transferring these instincts to the world of cybercrime, though, doesn’t always come as naturally. For many business owners, staying up-to-speed on the latest digital security threats isn’t instinctive and can get put on the back burner in deference to other business priorities.

The good news is that you have many free resources available to help you easily navigate the ever-evolving world of cybercrime. One is Microsoft’s Security Intelligence Report, a bi-annual comprehensive update of technology threats designed to keep your business’ digital data safe.

Worm infections on the rise
Microsoft’s most recent Security Intelligence Report (SIRv7) indicates that the most significant trend in the first half of 2009 was an increase in worm infections. Worms, designed to replicate themselves and move from PC to PC and network to network, rely on access to unsecured file shares and removable storage devices to spread.  It’s crucial to stop worms at their source. Once they’ve infected one area of a network, they can spread more effectively behind a firewall than over the Internet.

Additionally, they can spread from employee home computers to your workplace. For example, Taterf, a new type of worm that targets multiplayer online role-playing games, can penetrate a USB drive an employee brings in from home, and then infect your entire network.

Pseudo-security software
Unfortunately, sometimes not even security software can keep your computer and network safe.  A growing number of cybercriminals use your desire to protect yourself as a way to actually steal from you.

Here’s how it happens:  while surfing the Internet, you might come across a pop-up ad for security software that bears a striking resemblance to the real thing. In reality, though, it provides little to no protection and actually is designed to take money or sensitive data from its victims.

Large businesses aren’t as vulnerable to rogue security programs because their employees tend to demonstrate more confidence in company security measures and are less likely to purchase additional protection. In smaller companies, though, where security policies can be vague, employees may be more tempted to fall for such scams in an attempt to protect the company.

The latest Security Intelligence Report reveals that security measures and education have reduced the success of this type of malicious software, but also indicates that these programs are still among the top threats globally.

Next steps
Keeping  the workplace safe from security breaches isn’t only the responsibility of the business owner or the corporate IT department. All employees should take accountability for their actions and learn safe computing practices. Educate your employees about computer security and discuss with them the latest threats as outlined in Microsoft’s Security Intelligence Report. This will help them understand the role they can play in preventing cybercrime.

Updating your IT infrastructure with new technologies also can bolster your defenses. Programs like  Network Access Protection and DirectAccess, for instance, enforce security protocols and can help prevent employees from unknowingly infecting the network.

Business owners juggle a number of priorities every day. Adding one more to the list, cybersecurity, can feel overwhelming. Yet, once you begin to make it a priority, protecting your company’s digital data will eventually feel as natural as locking your doors and windows. It also will help you rest easier at night.

About the author: Jane Dickson is a regional general manager for managed partners in Microsoft’s Small and Mid-market Solutions and Partners (SMS&P) group. The full Security Intelligence Report provides more detailed information on security threats and is freely available at

Disclaimer: Articles featured on Oregon Report are the creation, responsibility and opinion of the authoring individual or organization which is featured at the top of every article.