Basic Cyber Security Guide for Small Businesses

Written by: Timothy Shim
  • Security
  • Updated: Oct 09, 2020

Cyber security incidents can have a devastating impact on a business, with the average cost per incident exceeding $200,000 in 2019. However, the cost can extend well beyond finance, and small businesses may not withstand the blow to their reputation.

Despite cyber security as a whole being an extensive field, there are many areas where small businesses can take quick action. These proactive steps can even significantly prevent, or reduce the impact of, the most common incidents.

As the world becomes more digital, the question of small business owners taking responsibility for their own cyber defences becomes more pressing.

While you may not want to spend time learning the intricacies of cyber security, the future of your business may depend entirely on your doing so.

[Chart: Average cost of a cyber incident ($)]

This guide is meant for small business owners who have any form of digital assets (this can be anything connected, even a simple business email). Invest a little of your time so that your business can continue to grow, innovate and create value for customers.


Types of Cyber Security Threats

With so many types of attacks that hackers can carry out, business owners should at least take note of some key points. Regardless of their main objective, any of these methods can cause harm to your business in ways that might take ages to unravel, if at all.

Advanced Persistent Threats (APT)

These long-term targeted attacks are mainly intended to steal, spy or disrupt. Intrusion into networks may be carried out stealthily and in various stages. Once access is gained, attackers may not even do anything for extended periods of time – waiting for strategic moments to strike.

Notable APT attacks: GhostNet, Titan Rain

Distributed Denial of Service (DDoS)

DDoS attacks aim to disrupt the operation of a network or website by flooding it with requests and information. When the server can no longer cope with the flood, services will start failing and eventually shut down.

Notable DDoS attacks: GitHub, Spamhaus, Bank of America

Phishing

Phishing is a very common cyber security threat. It is the act of sending fraudulent emails that resemble legitimate ones in order to entice recipients to send back sensitive data. Phishing attacks normally aim to capture user credentials such as usernames and passwords, or even financial information.

Notable phishing cases: Facebook and Google, Crelan Bank

Ransomware

Over the past number of years, ransomware has gained popularity and targets a wide range of victims. Unknowing victims may find their entire hard drives encrypted, with a note asking them to pay a 'ransom' for a decryption key. Users who don't pay normally lose all their data.

Notable ransomware cases: WannaCry, Bad Rabbit, Locky

Cyber Protection for Your Business

For small businesses aiming to ensure that their networks have a chance to be protected against common attacks, installing basic security software is essential. However, software alone may not be sufficient.

Let's consider the ways data can be used in many businesses:

  • Confidential communications may be sent via email
  • Devices in and out of the office may transmit data wirelessly
  • Individual devices may connect directly to the Internet
  • Remote workers may log in to company servers
  • Colleagues may communicate using messaging apps
  • And more.

As you can see, there are many potential points of entry where a hacker can gain access to any part of your company's operations. Unfortunately, for small businesses, building solid networks behind strong firewalls may be a little costly.

To work around this, you can implement at least basic device-level security to strengthen your defences.


1. Enable a Firewall

Many businesses run computers on Microsoft Windows, which comes with a built-in firewall utility. These software-based versions are less effective than hardware firewalls but at least offer some basic protection.

Software-based firewalls are able to monitor data traffic in and out of devices, acting as a security guard for your device. If you're running Windows, make sure you keep Windows Firewall turned on.
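The following PowerShell script, added here as an example and not part of the original article, checks whether the built-in Windows firewall is enabled for each network profile, turns it back on where it is not, and saves a list of the rules that currently allow inbound connections so that later changes can be spotted. It uses the standard NetSecurity cmdlets that ship with Windows 8 / Server 2012 and later and must be run from an elevated (Administrator) PowerShell session; the output path for the snapshot file is an assumption.

```powershell
# Added example (not from the original article): audit the built-in Windows
# firewall and switch it back on for any network profile where it is disabled.
# Run from an elevated (Administrator) PowerShell session.

# 1. Show the current state of the Domain, Private and Public profiles.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Find profiles that are switched off.
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }

if ($disabled) {
    Write-Warning ("Windows Firewall is OFF for profile(s): " + ($disabled.Name -join ', '))

    # 3. Re-enable every profile and block unsolicited inbound traffic by default.
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block
    Write-Output "Windows Firewall enabled on all profiles."
} else {
    Write-Output "Windows Firewall is already enabled on all profiles."
}

# 4. Save a snapshot of the rules that allow inbound connections. Comparing this
#    file against a later snapshot shows whether new openings have appeared.
#    Assumed output path; change as needed.
$snapshot = Join-Path $env:USERPROFILE 'firewall-inbound-allow.csv'
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile, Direction, Action |
    Export-Csv -Path $snapshot -NoTypeInformation
Write-Output "Inbound allow rules saved to $snapshot"
```

Running the script once a month and diffing the CSV against the previous one is a cheap way for an owner without an IT department to notice when an installer has quietly added an inbound exception.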

You can also consider:

NetDefender

NetDefender – This free firewall app not only monitors your data but also lets you set rules for what can or cannot move within your network. For example, you can restrict the browsing that your employees do.

ZoneAlarm

ZoneAlarm – Integrating both firewall and antivirus, ZoneAlarm is a great multi-purpose app for business users. It safeguards against almost all types of threat from $39.95/year.

Comodo

Comodo Personal Firewall – Comodo offers both free and commercial versions and enjoys a strong reputation in the security business. It offers comprehensive coverage for multiple threat types for only $17.99/year.


2. Use a Virtual Private Network

Virtual Private Networks (VPNs) are very handy tools that let you secure all data being transmitted from your devices. They make use of secure communication protocols and high levels of encryption to ensure that anything you send or receive is confidential.

ExpressVPN

ExpressVPN – One of the best-known names in the VPN business, it includes a Network Lock kill switch, private encrypted DNS servers, an ad blocker and more.

Using a VPN not only secures devices in the office, but on the move as well. This means that so long as your employees and yourself are using a VPN, you can safely work from any location around the world.

You can learn more about ExpressVPN in our review.


3. Keep Data Backups

All businesses should make regular backups of important data. Critical data such as customer details, invoices, financial information, and more are all vital to your business. If that data is lost, it would be a disaster.

Creating regular backups ensures that all important data can be restored at any time. Even better, backups can easily be automated so that manpower isn't wasted on routine tasks like this.

Today, there are many easy-to-use and inexpensive data backup applications or services suitable for small businesses. Some you might like to try include:

Acronis

Acronis True Image – Acronis is a popular provider of backup solutions, offering award-winning backup software and data protection solutions for consumers and businesses of all sizes. It is the fastest software we've tested so far for backing up full disks. Prices start from as low as $69/year.

EaseUS

EaseUS Todo Backup Home – EaseUS offers an improved interface and a rich feature list, with support for Dropbox and other cloud-based storage solutions that makes it easy to integrate into business operations. Prices start from $29.99/year.

If you don't want to use dedicated backup software, at the very least make use of cloud storage and perform manual backups. Using cloud storage means that your data is separate from your geographical location, reducing the risk from physical damage.
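As an added example (not the article's own material, nor code from Acronis or EaseUS), the PowerShell script below shows the kind of automated backup this section describes using only tools that ship with Windows: it compresses a data folder into a dated archive, stores a SHA-256 hash next to it so a restore can be verified, removes archives older than a retention window and, when run with -Install, registers itself as a daily scheduled task. The folder paths, retention period, task name and schedule are assumptions to adjust for your own setup; save the script to a file before using -Install, because the task points at the script's own path.

```powershell
# Added example for the "Keep Data Backups" section; not the article's or any vendor's code.
# Assumed paths and settings below - change them for your own office.
param([switch]$Install)   # run with -Install once to register the daily scheduled task

$SourceDir  = 'C:\CompanyData'   # assumption: folder holding invoices, customer records, etc.
$BackupRoot = 'D:\Backups'       # assumption: second disk, NAS share, or a folder synced to cloud storage
$KeepDays   = 30                 # assumption: retention window for old archives
$TaskName   = 'CompanyDailyBackup'

function Invoke-DailyBackup {
    # Create the destination folder on first run.
    if (-not (Test-Path $BackupRoot)) {
        New-Item -ItemType Directory -Path $BackupRoot | Out-Null
    }

    $stamp   = Get-Date -Format 'yyyy-MM-dd_HHmm'
    $archive = Join-Path $BackupRoot "companydata-$stamp.zip"

    # Zip everything under the source folder into one dated archive.
    Compress-Archive -Path (Join-Path $SourceDir '*') -DestinationPath $archive -CompressionLevel Optimal -Force

    # Record a SHA-256 hash beside the archive so a later restore can confirm the file is intact.
    $hash = (Get-FileHash -Path $archive -Algorithm SHA256).Hash
    "$hash  $(Split-Path -Leaf $archive)" | Set-Content -Path "$archive.sha256"

    # Prune archives (and their hash files) older than the retention window.
    Get-ChildItem -Path $BackupRoot -Filter 'companydata-*' |
        Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$KeepDays) } |
        Remove-Item -Force

    return $archive
}

function Test-BackupIntegrity {
    param([string]$ArchivePath)
    # Compare the stored hash with a fresh hash of the archive.
    $expected = (Get-Content -Path "$ArchivePath.sha256").Split(' ')[0]
    $actual   = (Get-FileHash -Path $ArchivePath -Algorithm SHA256).Hash
    return ($expected -eq $actual)
}

if ($Install) {
    # Register this script to run every day at 22:00 under the current account.
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
               -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
    $trigger = New-ScheduledTaskTrigger -Daily -At '22:00'
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Force | Out-Null
    Write-Output "Scheduled task '$TaskName' registered to run daily at 22:00."
}

$written = Invoke-DailyBackup
if (Test-BackupIntegrity -ArchivePath $written) {
    Write-Output "Backup written and verified: $written"
} else {
    Write-Warning "Backup written but hash check FAILED: $written"
}
```

The hash file matters more than it looks: a backup that has been silently corrupted, or that ransomware has encrypted along with the rest of the disk, fails the check immediately, which is why the backup root should sit on a separate disk or a cloud-synced folder rather than on the same drive as the source data.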


4. Keep Software Updated

One of the most common ways hackers gain access to systems is through software vulnerabilities. All software has weaknesses, and developers usually release patches and updates once they have closed those holes.

Failing to ensure that all the software you use is kept updated is only going to raise your risk profile. Keeping so many devices up to date can be a chore, especially if you don't have an IT department to rely on.

Thankfully, many applications can be set to auto-update, so make sure to check with the vendors of the software you are using. There are also other ways you can keep software updated, such as by using utilities like IObit Updater.

IObit

IObit Updater – IObit Updater is a neat, lightweight application focused on helping you keep the rest of what you've installed up to date. It monitors your programs and either reminds you when updates are available, or can update them automatically on its own.

For all your IT devices, make sure that software is always up to date. Regular updates are critical to ensuring that security keeps improving. Operating systems, programmes and applications should all be set to automatic updates where possible.
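The PowerShell script below is an added example, not from the original article or from IObit, that reports how current a Windows PC's operating system patches are: it lists the most recently installed updates, asks the Windows Update Agent (through its Microsoft.Update.Session COM interface) which applicable updates are still missing, and checks whether automatic updates have been disabled by policy. It reads system state only and makes no changes.

```powershell
# Added example (not from the original article or any vendor): report how far
# behind a Windows PC is on operating system updates.

# 1. Installed OS updates, newest first, to see when the machine was last patched.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize

# 2. Ask the Windows Update Agent which applicable updates are not yet installed.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")

if ($result.Updates.Count -eq 0) {
    Write-Output "No pending Windows updates."
} else {
    Write-Warning "$($result.Updates.Count) update(s) pending:"
    foreach ($u in $result.Updates) {
        # MsrcSeverity is set for security updates (Critical, Important, ...), empty otherwise.
        $severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' }
        "{0,-10} {1}" -f $severity, $u.Title
    }
}

# 3. Confirm automatic updates have not been switched off by policy.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $auKey) {
    $au = Get-ItemProperty -Path $auKey
    if ($au.NoAutoUpdate -eq 1) {
        Write-Warning "Automatic updates are disabled by policy (NoAutoUpdate=1)."
    } else {
        Write-Output "Automatic updates are not disabled by policy."
    }
} else {
    Write-Output "No Windows Update policy key present; default automatic update behaviour applies."
}
```

Pending updates marked Critical or Important are the ones to install first; the script does not install anything, so it is safe to run on any machine to get a quick picture of where patching has fallen behind.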


5. Always Use Internet Security Applications

Antivirus software should be used on all devices, from PCs to laptops and mobiles. Most reputable Internet security companies such as Symantec or McAfee have special plans for small business owners that let them protect all their devices with a single licence.

You can also choose from different types of Internet security applications. Some basic ones may only offer antivirus features, while more comprehensive versions come fully loaded with multiple features.


Cyber Security in a Nutshell

Cyber security is the defence of systems, networks, programs, and even data from digital attacks. Cyber threats, on the other hand, are the elements that cyber security guards against. These threats are designed to do some form of harm to the companies or individuals they target.

Common types of cyber threats include viruses, malware, ransomware, phishing attacks, and more. The complexity of guarding against cyber threats varies widely depending on how persistent the attackers are.

On the cyber security side, we use tools such as antivirus programs, firewalls, malware detectors, script blockers and other tools designed to defend against the threats above.

Why Hackers Target Small Businesses

[Chart: The cost of information loss resulting from targeted cyber attacks on companies averaged $5.9 million in 2018 (source).]

Hackers don't always target small businesses, but the percentage has been shown to be relatively high. To understand why small businesses are involved, you need to have a general understanding of cyber security incidents.

As business owners, the majority of us are primarily concerned about our finances. However, hackers can have many more intentions than simply trying to steal money. For example, they may try to shut down your digital operations temporarily, damage your business reputation, or simply be having fun. While that may sound offensive, the point is that there are multiple possible reasons why.

Next we come to the average small business owner, who, like me, wants to focus on providing an excellent product or service to the customer. This focus often acts as a blinder to us, leading us to forget other important areas such as cyber security.

We also often don't have the resources larger companies do, so it's a matter of economies of scale. The lower the defences a business has, the less effort a hacker needs to put into the attack for it to succeed.

To compound things, implementing effective cyber security measures is particularly challenging today. Urbanized areas have more devices than people, and attackers are adopting increasingly creative methods of attack.

Final Thoughts

As you can plainly see, the Internet today can be a very dangerous place, especially so if your business relies on it. Since so many of us are connected digitally, the threat carries over even into our personal lives.

As a business owner, you need to be able to safeguard not just your own devices, but all devices used by your employees. Since everything is connected, you are only as strong as your weakest link.

Finally, I hope that I've given you some ideas on how you can implement some rudimentary security measures without breaking the bank. Take your security as seriously as you can – your business depends on it.


About Timothy Shim

Timothy Shim is a writer, editor and tech geek. Starting his career in the field of Information Technology, he quickly moved into print and has worked with international, regional and domestic media titles including ComputerWorld, PC.com, Business Today and The Asian Banker. His expertise lies in the field of technology from both consumer and enterprise points of view.