How much for your ID?

As Lee Sharrocks, consumer sales director for Symantec UK, told me, “It’s a multibillion-dollar criminal industry and identities are becoming cheaper and easier to buy online. With the introduction of software toolkits to provide access to the technology needed to become involved in these identity scams, we can only expect this trend to continue to grow, so the need for consumer vigilance is higher than ever.” And for once I’m not going to take issue with anything that Symantec has just told me.

Size does matter

Not to be outdone, McAfee has also been hot on the report-publishing trail, sending me some juicy findings from research into the security challenges facing the average small-to-medium-sized business today. Sampling the opinions of more than 600 decision makers from SMBs across Europe, its Does Size Matter? The Security Challenge of the SMB report reveals the following numbers:

90% believe they’re adequately protected from attack.

73% admit that online availability is critical to their business.

58% consider themselves not a “valuable target” in the eyes of cybercriminals.

58% aren’t concerned about becoming a victim of cybercrime.

56% think cybercriminals cannot make money from them.

47% believe cybercrime is an issue for only larger organisations.

45% believe not being well known means they’re not at risk.

36% admit to accepting hardware and software default settings.

28% spend only an hour a week on proactive IT security management.

19% acknowledge that an attack might put them out of business.

Looking at those numbers leaves me wondering whether some people have any idea about what’s going on in their business when it comes to IT security, or rather what won’t be going on once their lack of strategic foresight rebounds to bite their corporate ass. It isn’t just the attack itself, or even the downtime that results, but also the decreased long-term productivity, loss of competitive edge and devaluing of reputation that have to be considered. The notion that because you’re a small fish in a big pond your company is invisible to attack is ludicrous, as is the idea that cybercriminals aren’t interested in your puny data because someone else has more. The cybercriminal looks for the easiest victim, so given a choice between 50 small companies with inadequate security or a single giant corporation with ironclad defences, guess which they’ll attack? There’s some value to be ripped out of every business, irrespective of size. For once, think old school, think “size does matter” and use some protection.

Face up to Facebook

The trouble with Facebook is that, aside from allowing you to find new friends and then find their friends, putting all your personal information – from your pet’s name to your ten favourite films – online for the whole world to look at just makes the cybercriminal’s life that little bit easier. It’s also a colossal time-waster. People can “poke” you to see if you’re alive and you can “poke” them back, out of politeness or stupidity. People let you know that they’ve just got out of the bath and are wearing green socks – all of which is fine, if remarkably unimportant, if you’re at home. However, if this happens during working hours, using a work computer attached to a work internet connection, then that quickly becomes a problem for your employer.

In fact, according to recent analysis by web security outfit ScanSafe, as many as a third of employers now block access to social-networking sites in order to try to refocus employees’ attention where it should be – on work. ScanSafe has seen the number of its own customers blocking such sites rise by 17% over the course of the past year, and it isn’t just Facebook that’s to blame – YouTube, LinkedIn, Bebo, MySpace and Photobucket are all right up there when it comes to time-wasting in the workplace. Employers are fighting back against these new cyberslackers with more than just connectivity blocks: Acceptable Use Policies (AUPs) are also being wielded to batter online offenders into submission.