Small businesses could be left without any help or advice about the GOZeus takedown.
With reports that advice website Get Safe Online has been struggling to stay online under user requests, advice has been issued by the Business Centre Association (BCA) which urged “all computer users to act immediately”.
An email seen by IT Security Guru urged recipients to “take full advantage of this opportunity, both to protect your computer and your files, and also to assist the authorities in putting a stop to this far-reaching criminal network”.
Get Safe Online did not respond to a comment request, but its advice page said that users will be informed by their ISP who “will know that your computer is infected”. It said: “Remember that making sure that updating your operating system and software are good habits to get into so you should be doing this on a regular basis.” One small business owner told IT Security Guru that they were “clueless” on what to do.
A spokesperson for the Federation of Small Businesses told IT Security Guru that it had not published any advice regarding this incident, but it had offered some top tips after the eBay attack, while research it issued in May found that small firms lose around £785 million per year to cyber crime.
Mike Cherry, national policy chairman at the Federation of Small Businesses, said: “Cyber crime poses a real and growing threat for small firms and it isn’t something that should be ignored. Many businesses will be taking steps to protect themselves but the cost of crime can act as a barrier to growth. For example, many businesses will not embrace new technology as they fear the repercussions and do not believe they will get adequate protection from crime.”
Oliver Pinson-Roxburgh, systems engineering manager at Trustwave, said: “The problem that many small businesses face is that there are simply so many threats out there to deal with. Quite simply, small businesses often don’t have the skills, staff, or technical know-how to deal with cyber threats.
“Ultimately, organisations with limited experience should look to a trusted provider to help them protect their staff from attacks. There are several strains of malware: password stealers, banking trojans, DDoS bots, Ransomware, fake updates or anti-virus, crypto-currency miner, all of which are out to get the unsuspecting users data and, as we have seen, steal whatever they can monetise.
“What SMBs need to look at is a way to educate employees on best security practices. One option is through cost effective online security awareness training, and invest in gateway security technologies to protect networks and users against zero-day exploits, targeted malware and blended threats. These don’t have to be expensive or difficult solutions to manage, if you use the right provider that has the small business in mind.
“Another area to note is that even the small business needs to develop, institute, and rehearse and incident response plan and they should consider MSSPs as experts that can help with remediation in the form of ongoing tuning of their technologies, and continuous threat monitoring.”