SECURITY THREATS: A GUIDE FOR SME WHITEPAPER
This paper aims to help SMEs focus on threats that are likely to have an impact on, and affect, the organization. These threats specifically target SMEs rather than enterprise companies or home users. These threats include:
Malware is a term that embodies computer viruses, worms, trojans and any other kinds of malicious software. Employees may unknowingly install malware into the companies network as they may be attached to emails or when visiting malicious sites. Companies are also vulnerable to threats like phishing where employees can be tricked into revealing sensitive information.
The paper goes further to describe attacks on physical systems for example theft of company or employee personal computers and or other devices as a major security issue for organisations. Unprotected end points(e.g USB ports and DVD drives) are also vulnerable to attacks. The paper explains how these end points can be used to introduce malware into the network or leak company data. Also the physical protection of server rooms should never be neglected.
The paper goes on, stating the vulnerability of password and other authentication tokens and how passwords can be protected by using password policies. The paper explains how because of company staff size one employee may be required to perform a vast range of task and require various levels of privilege on the network, the company might be at risk giving such privileges to one person.
Denial of Service (where legitimate system users are denial access to a service) is another threat described in the paper.
Furthermore, the paper describes steps to take to address security issues including installing antiviruses and organising security awareness programs to keep employees always conscious of the threat and steps to prevent them. Other steps suggested in the paper include end point security, setting up and communicating security policies, using role separation techniques.
The white paper will be perceived as very helpful for SME managers providing them with information on security threats and steps to help mitigate risk.
Dafe Ojoboh's Blog 