Last week, the FBI warned that politically motivated hackers could be targeting companies in the United States. Middle East violence between Israelis and Palestinians is fueling a sort of cyber war. So far, hacking has been limited to Israeli and Palestinian sites, with the most common acts being e-mail flooding, denial-of-service attacks, and defacing Web sites. Hackers on both sides, however, are threatening the sites of those U.S. businesses and government agencies perceived to be allied with the opposing side.
And, according to Gartner, small and midsize companies are most at risk because of their limited security resources.
So how can small enterprises reduce their chances of falling prey to these attacks? Here are four tips from Gartner network security analyst John Pescatore:*
- Perform security audits and risk assessments. Pescatore recommends that the audit or risk assessment include an internal network security audit and an external penetration test. It should be performed at least once a year by a firm that specializes in security.
- Configure a firewall. Because of the potential for errors when setting up a firewall, small companies should use a firewall appliance that provides a base level of security. Setting up the firewall should not require detailed security knowledge, according to Pescatore. You should investigate managed firewall and intrusion-detection services from service providers. These services usually cost less than the salary of a half-time firewall administrator, he added.
- Utilize boundary services. Companies should scan all incoming e-mail for viruses and use either desktop or server-side antiviral protection.
- Use consolidated remote access with strong authentication. If you provide dial-in access to e-mail and other company services, eliminate desktop modems and use consolidated modem pools and remote access servers. Pescatore also recommends using hardware tokens to authenticate remote users.
(TechRepublic is an independent subsidiary of Gartner.)
*Pescatore’s full commentary on the threat of politically motivated attacks is available at CNET.
Do you have any simple but effective tips to share with other IT executives? If so, we’d love to see them! E-mail us your tips or start a discussion below.