Number One Security Risk For Small Business: Poor Patching

Symantec, one of the leading antivirus software companies, released their 2009 security review, and according to the report, the largest single threat to small business’ computer security is the failure to apply new security patches as they’re released by the manufacturers.

A “security patch” is simply a software fix to a security problem in a software application.

Once a security vulnerability is discovered, software companies rush to develop a security patch to prevent hackers from using the security breach to access PCs or servers, obtain confidential information, or erase files.

When the fix is released, cyber criminals often look at that as the best time to write a virus or trojan to exploit computer users who haven’t kept their systems up to date. That’s why regular server maintenance is so important.

With the national economy teetering on recession, more and more hackers are trying to take advantage of unsuspecting computer users. Economies of scale often come into play with cyber attacks – a well written trojan or virus can spread like wildfire in just a few hours.

Even if hackers are only successful in compromising a few hundred machines, that’s more than enough to obtain information that’s useful to steal someone’s identity or hold their electronic data hostage.

The real problem – most of the time, you can’t tell you’ve been hacked until it’s too late.

Since the majority of small business owners use their computers for everything from banking to client management, anything a hacker obtains will be useful.

PDF’s Can Be Dangerous
Adobe’s PDF application is the most hacked and exploited software program in use by small businesses. PDF-based security exploits rose to account for 49 percent of online attacks. Coming in second was Internet Explorer, accounting for 18 percent of webbased attacks.

Here’s an interesting fact: The Internet Explorer vulnerability that makes up the majority of the 18% is the Microsoft Internet Explorer ADODB> Stream Object File Installation Weakness that first came to the world’s attention in August 2003. Microsoft released a patch the following July.

Nearly six years later, this Internet Explorer exploit is still being used by hackers, which means an incredible amount of businesses simply aren’t patching their systems on a regular basis.

Regular Maintenance Is A Must
It seems strange to think of your computer this way, but it helps to think of your PC as an automobile. You know that to keep it in top running condition, you have to change the oil, rotate the tires, and flush the radiator once in a while.

Your computers and servers aren’t any different: To maintain optimal running condition, you have to perform regular, scheduled maintenance.

Downtime is expensive. When you consider the cost of lost employee productivity, the expense of the IT services to repair your network, and the amount of time it would take to recover your data by hand, the investment in regular maintenance seems a wise choice.

We perform regular, scheduled maintenance for the majority of our service contract clients – but if you’re not on one of our service plans, we should definitely talk about a comprehensive maintenance and update schedule for your business. If you’re not patching regularly, it’s only a matter of time before your system is compromised.