"Phishing" is the term used to describe attacks that involve the
mass distribution of spoofed e-mail messages with return addresses,
links, and branding that appear to come from large corporations
(e.g. banks, eBay), and whose fraudulent messages are designed to fool you
into divulging personal info. Up until fairly recently, these
phishing attacks were very broad-based. For example, they typically
targeted eBay users with huge bulk emailings. Now, they have become
more and more targeted, perhaps preying on customers of a small local
bank. These targeted phishing attacks have been dubbed spear-phishing
attacks.

The U.S. continues to play the role of the largest source of
malware, spam and phishing attacks, hosting 18.1 per cent of
the world's compromised (zombie) computers in the first quarter
of 2006 (down from a high of 44 per cent in Q2 05).
Previous trends, such as viruses and phishing both becoming
increasingly targeted, continued to intensify. (According to
an April MessageLabs Intelligence Report.)

"The growing trend of more targeted attacks was something we started to see
in 2005 and we're continuing to see it gain momentum and also increase in
sophistication. We are now also seeing this targeting move into other
categories, such as with the increase in 'spear-phishing,'" said Mark
Sunner, chief technology officer, MessageLabs. "While overall threat numbers
remain largely stable, this only tells half the story. In reality, the cyber
criminals are becoming more adept at drawing less attention to themselves,
by sending out highly targeted virus and phishing attacks in smaller
numbers, running smaller botnets and ultimately finding new ways to make
money from victims around the world."

Here is a great list of things small businesses can do to improve
security that was published by Symantec, the anti-virus software and security people:

Small businesses face the same online threats as large corporations.
Whenever you and your employees are online, your business is exposed
to security threats. By implementing these recommended security
practices, you can help protect your information.

Install antivirus software on all desktops, laptops, and servers to prevent virus infection.
Use a firewall on all desktops, laptops, and servers to block intruders.
Keep current with operating system and security software updates to ensure you have the latest protection.
Create strong passwords with at least eight characters combining alphanumeric and special characters. Change passwords every 45-60 days.
Open email responsibly. Never open attachments from unknown senders. Don’t respond to spam.
Enable the security settings on your Web browser and do not enable file sharing.
Back up important data regularly and store extra copies offsite.
Secure all remote computers with antivirus and personal firewall software.
Evaluate the benefits of a virtual private network (VPN) that provides a private “tunnel” to your business.
Secure wireless connections with a virtual private network (VPN) and install firewalls.
Follow routine physical security precautions from using the screen-locking feature to locking down laptops with a cable.