Symantec Screwed Up: What it Means for Your Business

symantecIf you’re currently using any Symantec or Norton products: Update Them Now!

On Tuesday, June 28, 2016 Google Project Zero researcher Tavis Ormandy discovered that the vulnerabilities in Symantec’s software were, “As bad as it gets.” Ormandy cited key problems in the way Symantec manages executable code that is received packed, or compressed. Packed executable code has the ability to hide malware, and Symantec uses unpackers to reveal the original form of the unknown files.

The issue is…

Symantec unpacked these files in the operating system’s kernel. This gave malware the capability of completely controlling the computer running the operating system. Additionally, Ormandy found that one of Symantec’s unpacking software programs could be exploited by simply sending an email with a malicious link. Even more troublesome, the recipients of the malicious link wouldn’t even have to open the file in order for their computer to be compromised.

So what does this mean for your small business?

First of all, you should make sure your Symantec Enterprise software is updated. Norton has taken measures to update all of its products, but some of their software does not automatically update through the LiveUpdate.

Secondly, you need to understand that antivirus solutions are not completely protecting your network from corruption. Symantec’s senior vice president for information security admitted to the Wall Street Journal in 2014 that antivirus is only a small part of protecting your network.

As a small business owner you may have the perception that a cyberattack would never occur on your network because you are “too small” to be targeted. However, a 2012 study conducted by Verizon found that 71% of cyberattacks occur at firms with less than 100 employees. Additionally, the National Cyber Security Alliance reported that small businesses that are hacked have a 60% chance of failing within six months.

It is time to rethink the Cybersecurity strategy for your small business. The loss of data or an event causing significant downtime could result in a significant blow to your organization. Preventative maintenance, monitoring and alerting systems, mobile device management, and more can be used to defend against cyberattacks. Disaster recovery and back-ups allow your business to continue operations with little to no downtime in the event of an attack. You can use these resources below to learn about Cybersecurity and find the solution that best suits your business:

The SBA Learning Center offers a free 30-minute course on Cybersecurity for Small Businesses-found here- https://www.sba.gov/tools/sba-learning-center/training/cybersecurity-small-businesses

If you think anti-virus alone is enough to stop this threat – think again. If you haven’t had a network assessment performed recently, call us today at 717-914-0102 or signup online for a FREE, no obligation network and security assessment.

Get protected before a disaster like this cripples your business.