www.eset.co.

uk

Essential Internet Security Tips for Business

...What You Need To Know To Ensure Your Computers & Mobile Devices Remain Secure Online!

By Mark James Head of UK Technical Support

www.eset.co.uk Distribution Rights To This Material:

ESET UK grants the reader the ability to freely distribute this material according to the following conditions; You MAY email this material to 3rd parties You MAY re-purpose this material on other websites You MAY include this material as part of a greater, noncommercial marketing package You MAY NOT sell this material without prior written consent from ESET UK You MAY NOT edit, re-brand or in any way change this material from its original form without prior written consent from ESET UK ESET UK Sovereign House 242 Charminster Road Bournemouth BH8 9RP Tel:( 44) 0845 838 0832 Web: www.eset.co.uk Email: sales@eset.co.uk

Disclaimer:
ESET UK has endeavoured to ensure all material within this book is accurate and correct at the time of publication. ESET UK acknowledges that the materials accuracy and relevance may change at some stage in the future and therefore strongly advises the reader to use this material as a guide only and to cross-reference other material as a means of assessing its accuracy. ESET UK is not responsible for the content of any external websites referenced in this material. ESET UK reserves the right to amend, remove or otherwise change any and all products and website materials present on the http://www.eset.co.uk/website that this material references.

Copyright 2013 ESET UK

ALL RIGHTS RESERVED.

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk

Chapter 1
Mac vs PC - Debunking The MythThe Real Truth Laid Bare
In 2007 comedy duo David Mitchell and Robert Webb were employed by Apple to advertise1 their Mac computer... Last year there were 114,000 known viruses for PCs, said Mitchell, playing a sneezing PC. PCs, not Macs, replied the Mac, otherwise known as Webb. The advert does not outright claim that Macs arent affected by viruses, but it does suggest that viruses arent something Mac users need to worry about. Is it still true in 2013 that Macs arent affected by viruses, or could the idea that Mac users do not need antivirus software lead to big problems for the millions of Mac users worldwide?

Windows is still easier to hack:

Even today, many security experts believe2 that it is easier to hack into the Windows operating system than Macs OS X. As a result there are many more viruses that affect PCs - but this certainly doesnt mean that Macs arent at risk. While PC owners are much more likely to protect themselves with antivirus software, most Mac users dont accept or know about the dangers they may face.

The numbers game:

Its thought that the global market share for Windows is above 90%. For this reason, hackers coming up with viruses often build them specifically for PCs, as a greater number of computers have a chance of being affected. For this same reason, news of viruses affecting PCs is much more likely to be reported, adding to the impression that Macs are unthreatened by viruses.

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk
However, as more people are beginning to use Macs, the security threat is becoming more real - especially when you consider that the Mac market share in wealthy western countries is as much as 20%. Inevitably, more and more criminals will be tempted to make viruses targeting Macs specifically.

Even Apple is facing the truth:

While in 2007 Apple was happy to very publicly declare itself unaffected by PC viruses, that all changed in 2012. Previously the American computer giant had said that a Mac doesnt get PC viruses. However, once it was established that a virus had affected 600,000 Macs3, Apple could no longer insist its computers were virus-proof, and instead began to say4 that Macs were simply built to be safe.

Antivirus software the only surefire solution:

When it comes to viruses, there seems to be 3 main types of Mac users... The first doesnt believe that their Mac is under risk. The second believes that Macs may be more at risk in the future, but for now they will be ok. Perhaps this is understandable - after all, for years the large majority of Mac users have been blissfully unaware of the viruses that blight PCs, and are happy to believe that for the time-being that situation is set to continue. The third type of Mac user understands that a serious virus could potentially affect their Mac, whether tomorrow or in several months and has invested in antivirus software to ensure that when such a virus is unleashed, theyll minimise their chance of being affected. The last type of user is one who will stay safe from viruses in the future. Which type of user are you?

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk References:
1 - http://www.youtube.com/watch?v=iY1iSocnPw0 2 - http://www.pcadvisor.co.uk/features/security/3418367/do-apple-macsneed-antivirus-os-x-security-explained/ 3 - http://www.examiner.com/article/not-invulnerable-flashback-trojan-said-tohijack-600-000-macs 4 - http://www.examiner.com/article/apple-quietly-admits-os-x-no-longer-virusfree

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk

Chapter 2
Android Operating System On Your Mobile Device Essential Security Information You Need To Know!
One of the most innovative, customisation-friendly and democratic platforms available, Android, is in many respects an app-lovers dream. With an open platform that allows for adaptation and the sale of an enormous range of exciting apps at lightning speed, the Android world moves quickly. There is, however, a downside This free love approach can leave Android users vulnerable1 to hackers and malicious software, particularly if their Operating System (OS) is in any way out of date. Indeed, dubbed by some experts2 the natural choice for online attacks, Androids brave new open world requires stringent security measures in order to keep users data safe. In this article, we examine 3 Android OS-related security problems and what can be done about them.

1. Many Android Operating Systems Are Out Of Date

Unless you purchased your Android tablet or phone recently, the chances are that your device is working through an outdated OS, leaving you vulnerable to severe security threats. Googles most recent data3 shows more than a third of Android customers are still using Gingerbread or versions 2.3.3 to 2.3.7 (released two years previously). Gingerbread carries a number of security weaknesses which were rectified in more recent versions. While around one third of Android users are now on the more secure, up-to-date operating system known as Jelly Bean, most Android customers have not yet been able to upgrade because the OS is still under tight control by the carriers4. Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk 2. Android Users Cant Initiate OS Updates Themselves

One of the most important things in software security today is the ability to remotely update, said Collin Mulliner4, a researcher with the Systems Security Lab at North-eastern University in Boston, at a special panel discussion at the RSA security conference earlier this year. Unfortunately, while iPhone or iPad users can initiate the operating system update themselves, with Android the updating process is under the control of mobile carriers. At this time, efforts to push out user updates have been reported4 to be extremely disappointing Any update delays can leave users vulnerable to malicious software and attacks.

3. Androids Open Platform Enables Device Manufacturers And Carriers To Adjust The Operating System
And they often do; for example, for the purposes of setting desired configuration settings or offering extra software bundles. Whenever a new Android operating system update is released, the carriers and the vendor need to test these adjustments against their own home-brew systems before they can release the latest version4. Some devices never get the latest version because they are older models or are being phased out. Google releases an update roughly every 6 months, but some devices have been known not to receive a single update for well over a year, if at all4. With all these potential issues, its perhaps little wonder than some IT experts have dubbed Android the IT communitys latest problem child5. In fact recent research by French security experts Pradeo6 showed Android app threats to outnumber those by IOS apps by a rate of 21:1. At the same time, its well acknowledged7 that Android offers users fantastic customisation options and an enormous range of

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk
fantastic apps that make life just that little bit easier and more enjoyable. To help make your Android and mobile device more secure, there are a number of leading mobile antivirus solutions worth investigating, that are fairly priced and easy to use.

References:
1 - http://www.cio.com/article/675084/8_Essential_Android_Security_Apps 2 - http://www.itworld.com/open-source/350033/android-it-communitys-latestproblem-child 3 - http://developer.android.com/about/dashboards/index.html 4 - http://securitywatch.pcmag.com/android/308966-android-s-biggestsecurity-threat-os-fragmentation 5 - http://www.itworld.com/open-source/350033/android-it-communitys-latestproblem-child 6 - http://www.gomonews.com/android-apps-are-more-risky-than-ios-by-211says-pradeo/ 7 - http://techland.time.com/2013/04/25/new-android-phone-check-out-these14-essential-hints-and-tips/

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk

Chapter 3
Bring Your Own Device (BYOD) & Security6 Simple Steps To Help Ensure Your BYOD Safety
Over the past few years, the functions and range of use of mobile technology has exploded with smartphones and tablets. At the same time, flexible working patterns, Social Media marketing and remote working has continued to blur the line between work and home somewhat. As such, the practice of BYOD (Bring Your Own Device) into work has flourished.

BYOD: Help Or Hazard?

Proponents of BYOD say its a great way to boost morale among team members and cut costs. Letting staff work on the device they love and are used to operating can benefit the company balance sheet, so it must be good for business, right? Well, it depends... Critics of BYOD point out that these practices can be dangerous to company data security, leaving precious information vulnerable to loss, theft, or misuse and hence place corporate reputation and profits at risk. So whats the solution? Ultimately, its up to the individual business to decide what is best for their company practice according to its own means, security policies and so on. But one thing is certain: if you want to try BYOD, you must take certain measures. Because failing to do so can potentially leave your company vulnerable to Internet attacks, data loss and even legal repercussions especially if your firm handles sensitive data.

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk
Indeed, one study1 found that in situations where devices were intentionally lost and data was compromised leading to financial losses, the average cost to a company was $250,000. So how can you ensure security for BYOD? It begins with a few clear steps:

1. Determine The Terms Of Your BYOD Policy

Ask yourself questions like: Who owns this device? Who is ultimately responsible (and liable) for its data security? W hat rules can we determine in writing that can help to ensure the safety of our data? You need to be sure that you not only have security policies, but that you have the ability to enforce those security policies for individual devices and that you can safeguard your intellectual property in the event of a device being stolen or lost.

2. Ensure Super-Strong Passcodes For Every Device

When it comes to BYOD security, the best starting point is to employ the same security requirements that you employ for your own network devices strong passcodes are obviously a key part of that. A robust passcode makes it extremely difficult for an individual to breach security and compromise data.

3. Conduct Full-Disk Encryption For Disk, Cloud Storage And Removable Media
If the device-point passcode is somehow compromised, ensuring that the data stored on the device is encrypted offers a second layer of security that a hacker would need to breach in order to be able to steal the data.

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk 4. Purchase Premium Mobile Device Management (MDM) Software

Effective MDM software enables you to remotely manage, secure and monitor company information on mobile devices. It can be a lifeline for businesses incorporating BYOD. For example, MDM software enables you to wipe sensitive information in the case of a device being lost or stolen.

5. Application Control
Ask yourself if you have the authority to ban the use of certain applications on BYOD? For example, IBM recently banned2 some speech-to-text applications on employee devices. Should you and would you be able to do the same?

6. Purchase Antivirus And Firewall Protection As Well As Data Loss Prevention (DLP) Software For Use Across All Devices
The best antivirus and firewall software products for use across BYOD can protect you from hacking attempts. But what is Data Loss Prevention (DLP) software and how can it protect you from potential data leaks within your own ranks? Data Loss Prevention software is there to ensure that end users cannot transfer critical or sensitive data beyond your business network. It can help your administrators monitor and control what information your employees send - this is essential. Allowing your employees to access company data through their own devices presents particular risks and unfortunately, not all antivirus and data loss prevention software products can offer the same level of protection from threats.

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk References:
1 - http://smallbiztrends.com/2013/06/byod-trend-productivity-security.html 2 - http://www.sophos.com/en-us/security-news-trends/security-trends/byodrisks-rewards/what-byod-means-for-security.aspx

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk

Chapter 4
SME/SMB PC & Mobile Device Best Practices5 Essential Tips Your Business Will Immediately Benefit From
Streamlining your means of communication and data management is crucial, whatever the size of your business. Over the last 10 years or so, one of the most notable shifts in the business world has been the increasing demand for the easy access of corporate applications and data on mobile devices. Individual productivity and collaboration tools like email, contact management, calendars and general web access have spearheaded the trend in companies going mobile. Now businesses increasingly want to make as many processes as possible personal PC-based and mobile, in order to facilitate productivity and flexibility for customers. Research shows this is true not just for larger businesses - in fact a 2010 study1 showed that 84% of medium-sized enterprises (from 100 to 1000 employees) use wireless and mobile devices for essential business functions. Most small and medium-sized businesses dont have a large IT support team to manage their PC and mobile systems and therefore, they will often look for effective, ready-to-use systems. However, the effective selection and management of any systems can still be tricky and requires a number of considerations. Here are 5, essential tips for SME/SMB PC and mobile device use:

1. Consider Your Communications And Data Strategy

While some smaller businesses do have clear PC and mobile device strategies in place, many seem to adopt new systems as a response to industry trends as much as anything else.

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk
In fact, as business IT experts1 advise, the adoption of any new systems should be preceded by a clear weighing of the costs and benefits, as well as the specific end-goals. A key question when considering new systems and applications should be: how will they streamline workflows, bring down costs or enhance our customer service?

2. Determine Who Should Access Which Data And When

As any wise business owner knows, their IT systems should not simply be an open book for all to see. Determining which information and systems are necessarily and appropriately managed by which employees is essential. Once this is decided, you can then take steps to protect privileged systems and information, for example with password and device configuration.

3. Provide The Right Employee Training And Safeguards

Poor employee knowledge can be a big threat to your business and its been found that employee disregard for data safety is one of the biggest concerns1 of business owners. An uninformed staff member could unintentionally lose or share data, not only costing your company untold resources and potentially damaging your reputation. Its, therefore, imperative that you provide the right systems training for your employees.

4. Protect Your Customer Data

Protecting the privacy of customers isnt just a problem for global giants such as Google and Facebook to worry about. Whatever the size of your business, the consequences for bad data protection can be severe, from negative publicity to legal action. Can you be sure you know where all your customer information is stored? Evaluate your companys data encryption practices, because these need to be reviewed regularly. As a result of not doing that, some Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk
companies are now unknowingly using encryption technology incorrectly. Many leading experts now advise whole-disk encryption as opposed to encryption at file-level especially for employees who manage customer data on mobile devices or PCs. Data encryption standards can change at a rapid rate and businesses that encrypt data according to standards of a few years ago, may be easily breached today.

5. Choose Top-Tier Antivirus And Firewall Protection

If you run a small business of less than 100 employees, an effective internet security strategy is a must; and small business antivirus software is an imperative component. This is one step ahead of individual-user security for each PC, offering extra benefits such as the capacity to install and run all PC installations from a central location.

References:
1. http://www.smb-gr.com/wpcontent/uploads/2012/pdfs/SAP_Business_All_in_One_paper3.pdf

Copyright 2013 ESET UK ALL RIGHTS RESERVED

www.eset.co.uk

Additional Resources
Please click on the links below for more helpful tools and information; Free online scanner Glossary of computer threat terms ESET Threat Centre

Copyright 2013 ESET UK ALL RIGHTS RESERVED