Small businesses warned about spyware

2 Nov 2005

A growing number of Irish businesses employing 50 people or less have been affected by malicious spyware, an IT service provider has claimed. In addition, smaller firms are not aware as larger companies of the damage that spyware can cause.

Spyware programs gather information about a person or organisation without their knowledge and send this data over the internet to third parties such as advertising firms or other groups. In some cases spyware may be installed on computers without the user’s consent. Depending on the type of information that the spyware is programmed to find, it could leave sensitive company data open to disclosure.

According to James Finglas, sales director with MJ Flood Technology, smaller companies are less aware of the need to protect their networks against malicious content than larger firms. Moreover, data from the research firm iReach has found that antivirus software represents the single biggest proportion of IT security spending in Ireland. However, Finglas said a much smaller percentage of this is likely to be set aside to address the specific problem of spyware.

The apparent unwillingness by smaller organisations to invest in content filtering to combat spyware may be down to a lack of technical understanding, said Brian Murphy, technical director of MJ Flood Technology. “We have to remember that many companies of this size do not have a dedicated IT resource and are reliant on their financial controller or office manager to ensure network security,” he said. “Sometimes this lack of technical expertise results in a failure to properly understand the nature of the threat and prioritise preventative measures to eradicate it.”

Murphy cited the example of an Irish company that had recently been experiencing significant network downtime. When the firm’s network was audited, it emerged the cause was illicit malware. “The network subsequently crashed and was down for a period of eight days while we identified the source of infection, ‘cleaned’ every network device and installed a proper content management system,” he said.

The direct financial cost of the repair came to €27,000, but Murphy pointed out that there were other non-financial implications such as reduced productivity, loss of credibility and missed business opportunities and he argued that these were a more serious consequence.

There are many different software packages available to suit businesses of all sizes but malware isn’t simply a technology problem, Finglas warned. “User behaviour and frequency of internet usage strongly influences the likelihood of infection by malicious code,” he said. “We are advocating the creation of a practical security policy which seeks to inform users about the dangers of malware and encourage behaviour that minimises risk of infection.” A holistic content management system that eradicates every type of malware and malicious code for office-based and mobile workers would complement such a policy, he said.

In related news, the Anti-Spyware Coalition, an umbrella group of software companies, academics and consumer representatives, is preparing a document that will give guidelines for detecting, rating and protecting against spyware that it hopes will become best practice in the industry. A consultation period is currently under way and the final document is due to be released before the end of the year.

By Gordon Smith