Small Business IT Security Trends to watch in 2013

 

1. End of Windows XP Support April 2014

2. Two Factor Authentication

3. Password Management

4. Annual Security Audits

5. Java Vulnerabilities

 

Foreword:

Small businesses experience different risks than bigger companies. Fortunately, the intimacy of many small businesses means that they naturally avoid some of the more difficult-to-manage risks of large companies. But they still have very real problems to deal with, and the results of a breach can sometimes be so substantial as to put a small business out of business. These five trends, which we have observed while providing IT Support services to our clients in Fort Myers, Naples and Chicago, are mostly big business solutions that have now become affordable for small businesses. Enjoy!

 

1. Good-bye Windows XP!

When Windows XP was first released in 2001, no one expected that in 2013 it would still be this prevalent. The Microsoft operating system has shown incredible staying power, both because of its reliability and because of the huge flop that Microsoft experienced with Windows Vista. Enterprises and end users both aggressively avoided Windows Vista, which caused many organisations to dig in for the long haul. As a result, many organisations are not properly prepared for the change from Windows XP to Windows 7 or Windows 8. In April 2014 Microsoft is going to completely end support for Windows XP, which means that anyone still using it will not be able to update the operating system, meaning it will quickly become a haven for viruses and other malware. Any businesses that still have computers running Windows XP need to start making plans right now to phase these systems out in anticipation of next year. This may mean updating major business software or changing vendors. Alternatively, as a last resort, small businesses can work with their IT consultants to take machines that have to continue running Windows XP and isolate them from threats in order to allow them to continue operating without risk of infection. All in all, the death of Windows XP represents a huge step forward.

 

2. Two Factor Authentication

Two Factor Authentication has been around for a very long time, and has been popular in certain niches, specifically with certain banks, for almost a decade. However, this year is the first year where many large and medium size businesses are actively pushing for its use on more than just the most sensitive systems. Two Factor Authentication can present itself in a few ways. In short, all a second “factor” of authentication means is that you are logging in with more than just a username and a password. The most common second form of authentication is a card, a fob, or some sort of device or software that generates numbers which can be entered into the secure system. A simple way to explain “two factor authentication” would be an ATM card. The card itself represents “something you have”, whereas the PIN code represents “something you know”; the combination forms two separate and complementary forms of authentication. A password login, on the other hand, only contains two things that you know: the username and the password. This makes two factor authentication much more effective at securing sensitive information than a username and password alone. Although implementing a full two factor system for your small business might be prohibitively expensive, a lot of business IT products already include easy-to-add support for two factor. Many banks already offer fobs or cards at a low cost that allow you to lock down your banking information. Many password management tools and cloud based storage providers, including Google Apps and Exchange, support Two Factor Authentication. Small businesses differ from larger businesses in that they don’t need Two Factor at every level of their business, but by adding it at strategic points they can very effectively limit the chance that cybercriminals will be able to do any substantial damage.

 

3. Password Management Tools

Five years ago, if you asked a small business owner how their company controls access to their critical business software, the likely answer was “well we all use the same password for everything so everyone knows how to get in”. A few difficult firings and a few hacked email accounts later, small business owners are starting to get on board. Password management tools like LastPass allow small businesses to store all of their passwords in a central vault that automatically fills in the username and password to websites for users. Furthermore, small business owners can elect to hide the passwords from their employees so that they cannot access sensitive websites from home. These tools are very inexpensive (LastPass, for example, is $2/month) and help mitigate the largest source of risk, the risk that comes from disgruntled employee turnover.

 

4. Annual Security Audits

If, three years ago, one of our local Business IT Support customers here in Fort Myers, Florida had called us and asked us specifically to perform a security audit of their office, I would have immediately assumed that an incident had already happened. Now we’re getting routine requests from clients concerned about how they can lower their risk. An annual risk assessment and audit is not very expensive at all for small businesses, and also covers a lot of regulatory compliance obligations. For example, if your business accepts credit cards, you already must complete an annual risk assessment to comply with PCI-DSS. Many credit card processors try to automate this process with “automatic scan tools”. Unfortunately, these scan tools do almost nothing to actually ascertain the business’s real risk profile. An IT security professional can quickly identify the real risks to the small business, so they do not potentially waste hundreds or thousands of dollars on ineffectual training, specialized equipment, or useless services. It’s becoming increasingly common for our clients in Cape Coral, Fort Myers and Chicago to call us just to come by their place of business and educate them on what’s real and what’s hype in terms of what their real risks are. Usually within two hours, we can set them on the right track and substantially educate their team as to what they need to watch out for.

 

5. Java Vulnerabilities

First of all, what is Java? Most casual computer users think of a cup of coffee, or the constant pop-up they get from Sun Java on their computer asking them to update to the latest version. Java, which was originally produced by Sun Microsystems and is now an Oracle product, is something like a middle man for your computer. Java is an easy way for computer programmers to write one programme and then have it work on a number of different operating systems (Windows, Mac, Linux). Although very popular at one time, Java’s popularity is waning. This trend has been accelerated in the face of a litany of large security issues identified with it over the last two years. In 2013, expect Java’s decline to accelerate further, and expect to see companies looking to either remove Java from their systems or highly regulate it. Small businesses should look into products that automatically update their Java to the latest version, or work with an IT professional to make sure that Java is effectively locked down on their systems, or removed entirely.