In Clear, Present and Growing Danger

In 2009, 55 percent of mid-sized and large organizations reported that malware had successfully infiltrated their network through the Web. Is your company protected?

May 7, 2009
by Sukanya Mitra

Malware is a word you hear all around and it seems to springing up everywhere and making its presence felt. “It’s a very critical issue,” said Michael Osterman, principal analyst at Osterman Research, a market research firm, at a recent MessageLabs/Symantec Webcast. “Companies have a major issue on their hands, making users and companies quite vulnerable to a variety of Web-based attacks.”

An Osterman Research survey found 1,068 new malware-carrying sites were discovered per day in January 2008. Nine months later, the number had jumped 400 percent, to 5,500.

So far this year, 55 percent of mid-sized and large organizations have been infiltrated.

Unfortunately malware makes no exceptions and has compromised Web sites of many legitimate businesses such as Business Week, the United Nations, the Miami Dolphins, U.S. Department of Homeland Security and U.S. Environmental Protection Agency among others. Quips Osterman, “More than one security vendor’s Web sites has also been hacked!”

Malware and Web-Based Threats for CPA Firms

Should CPAs and financial execs be concerned about malware? “Malware hits us from all over. The recent proliferation of social networking sites and the use of mobile devices to surf places that we [have] never before ventured is causing new ways for malware to enter our systems,” said James Bourke, CPA.CITP, partner at New Jersey-based WithumSmith+Brown, PC. “We are constantly working to educate our staff and plug potential holes where malware could threaten the organization.”

So what’s the worse-case scenario? If malware attacks your company’s system, chances are:

  • Your company’s network performance will suffer;
  • Your company’s storage costs will increase;
  • Malware can automatically be downloaded onto unknowing visitors’ computers;
  • Sensitive data will be breached; and
  • Organizations whose data has been breached will suffer substantial losses.

Malware can get into your firm’s network via the traditional ways such as desktop computers, laptops and notebooks as well as mobile devices. As more and more people begin telecommuting, employees’ home computers have a tremendous risk of downloading malware especially if their home PCs and laptops are not fitted with the best malware detection software.

Tips on Protecting Your Firm

“You need to establish sound and detailed policies on how employees use the Web, types of applications they run, what they can and cannot download and access in general,” said Osterman.

Osterman provided the following tips on how CPAs and financial execs can curb malware from entering their networks:

  • Create formal and detailed policies for employee use on the Web;
  • Maintain good Web Anti-Virus and Anti-Spyware defenses;
  • Block (carefully) non-business Web sites;
  • Filter content for unwanted file types;
  • Host your own Web defenses and consider their benefits:
    • Can be very proactive against threats, especially new ones;
    • Effective at blocking users;
    • Can save bandwidth and storage;
    • Can offer granular controls;
    • Frees internal IT staff; and
    • Potentially lower predictable costs.

Final Thoughts

Web threats are getting worse. To beat or curb it, 22 percent of organizations report that they will spend more on Web security this year as compared with last year. Nearly half (48%) expect to spend the same amount.

What steps can accounting firms and finance departments take to ward off these threats?

Bourke sums it best. “Nothing is better in a first-line defense than education of staff. Staff need to be educated about things to do and not to do in social networking sites. In addition, they need to be aware that sites visited on a mobile or remote device have the potential to expose the firm to the same level of vulnerability as if they were surfing from their desktop.”

Rate this article 5 (excellent) to 1 (poor).
Send your responses here

Sukanya Mitra is Managing Editor of the Insider™ e-newsletter group.