InformationWeek SMB: SMB Web Security Best Practices
Best practices suggestions include using software as a service (SaaS) security offerings, locking down the browser and not letting employees run computers with full administrative privileges.
“If Bonnie and Clyde were alive today, they’d be quite amused at just how easy it is to make a dishonest buck. Today’s criminals have swapped machine guns and getaway cars for viruses, Trojans, rootkits, and other malicious software. Financial fraud as well as identity and intellectual property theft are the crimes of choice. The Justice Department’s Internet Crime Complaint Center received 336,655 complaints about online fraud last year, totaling a record $559.7 million.
While the media focuses on spectacular attacks against large companies, criminals are just as happy to target small and midsize ones. There are many technologies available to help smaller enterprises reduce risk, from data loss prevention suites to full disk encryption to vulnerability management. All have merit, but with money tight and resources scarce, we believe companies can get excellent security mileage focusing on Web-based threats. It looks like business technology and security pros at these companies agree: When asked which kinds of attacks companies with fewer than 1,000 employees anticipate in the coming year, malware is by far the winner (see chart, below).”