Securing Your Small Business Network

2 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Introduction

Types of Online Risks

Small Business Network Vulnerabilities

Calculating the Impact

Recommended Security Practices

Overview of Symantec Solutions

1

2

3

4

5

6

Agenda

3 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

The Internet Has Changed Business Forever

► Turn back the clock 10 years… Did you have an email address? Web access? A Web site?

► The Internet has redefined business dynamics 48% of small businesses in the U.S. have Web sites 163 million Americans have an email address 185 million Americans use the Internet

► The good news is that you can: Gather information more quickly Increase communications with your customers/vendors Transact business more efficiently

Sources: Pew Internet Survey 2004, Computer Industry Almanac, 2004Kelsey Group, 2004

4 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

The Bad News: Computer Security Risks

► Did you realize that you open your business to potential risk whenever you…

Download something from the Web? Open an email attachment? Leave your computers connected to a broadband connection? Insert removable media (CD-ROM, DVD-ROM, flash drive) into one of

your business’s computers? Access the Internet wirelessly? Let a guest user onto your business network?

The security of your business is up to YOU!

5 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

The Impact of Poor Security

► Over $11 billion in damages worldwide Between just a few months: Feb. 2004 and May 2004 From just MyDoom, Netsky, Bagel, and Sasser virus outbreaks

Source: Computer Economics, Inc. June 2004

6 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

The Impact of Poor Security

► U.S. CSI/FBI Survey (among 269 respondents) * Estimated total loss of $141 million due to virus outbreaks in 2003

• 19% in small businesses with <100 employees $524K average loss per respondent Attack types and percent experiencing them

• Virus outbreaks 78%

• Internal abuse of Web access 59%

• System penetration 39%

► An estimated 57MM Americans have received emails from “phishers” (Gartner, May 2004 survey)

Cost of phishing attacks to U.S. banks in 2003 $1.2b (Symantec)

* Source: CSI/FBI Computer Crime and Security Survey, 2004

7 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

What Are You Up Against?Types of Risks

► Malicious Code Worms, Viruses, Trojan Horses

► Hackers Information theft/Privacy Violations, Spyware, Phishing, Denial of

Service, Application Vulnerabilities

► Time Wasters Adware, Spam Email, Popup Ads, Data Loss

8 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

What Are You Up Against?Malicious Code

► Virus A malicious program that attacks PCs and Macs by infecting other

files on the computer

► Worm A malicious program designed to spread itself to as many other

computers as possible via the Internet, sometimes taking over the victim’s email address book

► Trojan Horse A malicious program that pretends to be a useful or friendly

program, such as a screen saver, game or other type of utility

Source: SecurityFocus

The “Blaster” worm alone inflicted $1.3 billion in damageto U.S. Businesses in 2003

9 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

What Are You Up Against? Hackers

► Privacy Violations Intrusions into your business’s computer systems for personal information

belonging to you, your company or your customers, often credit card numbers► Spyware

Small applications that monitor your Web usage and report it to a marketing service

Key stroke loggers that capture data and steal passwords

► Phishing Fraudulent schemes in which a hacker pretends to be a legitimate company or

authority to get you to reveal personal information willingly

► Denial of Service An attack that ties up a Web server so that your customers, vendors, and partners

can’t access your site

Source: CSI/FBI Computer Crime and Security Survey, 2004

70% of businesses reported at least one security breachfrom external sources this year

10 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

What Are You Up Against? Time Wasters

► Adware Software that displays banner ads even when the host computer is not

connected to the Internet

► Spam, Popup Ads Spam email: unsolicited email, often sent under false pretences Popup Ads: ads that open in a new browser window on top of the Web

page you were viewing

Source: Symantec/Brightmail, 2004

As much as 65% of all email traffic in 2004 is spam

11 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

months

days

hrs

mins

secs

ProgramViruses Macro

Viruses E-mailWorms Network

Worms

FlashWorms

Co

nta

gio

n P

eri

od

Evolution of Virus/Worm Threats

► We’ve reached an inflection point where the latest threats now spread orders of magnitude faster than our ability to respond with traditional technology

1990 Time 2005

Contagion Period

12 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Threat Sophistication

At its peak, 1 out of every 12 emails was infected with MyDoom!

Code Red doubled its infection rate every37 minutes. Slammer doubled every 8.5 seconds, and

infected 90% of unprotected servers in 10 minutes!

Blaster razed networks just 27 days after the vulnerability was publicly disclosed!

13 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Understanding Your VulnerabilitiesInternet Gateway

14 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Understanding Your VulnerabilitiesFile Server / Mail Server

15 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Understanding Your VulnerabilitiesDesktop

16 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Understanding Your VulnerabilitiesRemote Users

17 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Calculating the Impact on Your Business

► How to calculate the cost of a virus infecting your network and damaging your information

List the number employees in your business Calculate an average hourly compensation per employee Think about what files and work might need to be re-created after a

loss: customer database, client reports, project files, and schedules, contracts, etc.

Estimate the amount of time required to re-create lost databases, financial files, and other work per employee

Multiply the time required by the number of employees affected by the average hourly compensation

This is the cost of one virus damaging desktop files one time only – It doesn’t include the cost to have your software or hardware

professionally repaired or replaced.

18 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Calculating the Impact on Your Business

Number of Employees 12

Average Hourly Wage $25.00/hour

Spam: Minutes Each Day / Person: 5

Hours Each Year / Person: 5 x 4 = 20

20 hours

Viruses: Annual Downtime / Person 15 hours

Total Annual Hours / Person (20 + 15 = 35) 35 hours

Annual Cost to Business / Worker (35 hours x $25/hr = $875) $875

Annual Cost to Business ($875/person x 12 = $10,500) $10,500

19 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Recommended Security Practices

1. Prevent infection with antivirus software Install antivirus on all desktops, laptops, and servers Check for virus definitions daily or set for automatic updates

2. Stop intruders with a firewall Use a firewall on all desktops, laptops, and servers

3. Stay on top of security updates Deploy security patches and fixes as soon as they are available Use the latest operating system versions

4. Create strong passwords and change them frequently Don’t allow Web browsers to remember passwords/private data

5. Open email responsibly Scrutinize attachments before opening them; avoid ones with unusual

extensions Don’t open or reply to unsolicited mail

20 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Recommended Security Practices, cont.

6. Browse the Web with caution Don’t ever give personal information to a Web site unless you see a small

padlock or key icon in the browser’s toolbar Don’t type confidential information in Instant Messaging/Chat programs

7. Back up regularly Back up vital data daily and store critical backups offsite

8. Make remote connections secure Require remote users to use antivirus and firewall software Use a Virtual Private Network (VPN)

9. Lock down wireless networks Install a firewall at the wireless access point

10. Ensure the physical security of your equipment Never leave wireless devices unattended Use the screen locking feature when you leave your computer

21 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Symantec Small Business Product Line

Desktop and Server Protection

Desktop Protection

Point ProductsPoint Products Suites/IntegratedSuites/Integrated Additional TierAdditional Tier

22 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network

Who is Symantec?

Global leader in information security #1 global leader in antivirus and antispam software*

Offers a broad range of software, appliances, and services for: Home and home office Small and mid-sized businesses Large enterprises

Operating in over 35 countries worldwide Insight from monitoring a sensor network of more than 20,000

corporate customers, and millions of personal PCs

** Sources: IDC – Secure Content Management 2004-2008 Forecast Update and 2003 Vendor Shares; Aug 2004

Worldwide Antispam Solutions 2004-2008 Forecast and 2003 Vendor Shares December 2004

Thank You

Questions and Answers