It's an Internet epidemic. Spyware is spreading fast, and small and midsized businesses (SMBs) are probably most susceptible to catching this nasty disease.
Just how bad is spyware for SMBs? In most cases, an infection amounts to a serious headache for IT administrators. Left untreated, however, it can prove fatal to a company's financial standing and customer confidence.
Spyware refers to a program that secretly gathers information about a computer user and relays that information to an interested party. Spyware falls under the rubric of malware, or malicious software, which also includes viruses, worms and Trojan horses. Preventing and combating it can be cumbersome, with not only choosing which remedy is for you, but also deciphering which ones are legitimate.
"The Internet is a cesspool of spyware," said Ed Skoudis, co-founder of Intelguardians Network Intelligence LLC, a security consulting firm in Washington, D.C., and co-author of Malware: Fighting Malicious Code.
According to Skoudis, the typical owner of an SMB is a prime target for identity theft via spyware. Creditworthy and financially solvent, SMB owners fit the profile identity thieves are casting for in their spyware nets.
"Most people feel that the odds are in their favor when it comes to avoiding identity theft," Skoudis said. "The odds are stacked against SMB owners, however, and they can't afford to be complacent about the possibility of identity theft
In addition to targeting SMB owners' financial information, spyware goes after sensitive customer data. For Kelly Wilke, director of technical services at Northwest Montana Physicians Group, the protection of patient information is a critical reason to fight spyware.
Volker Bruhn, IT manager at Holman Insurance Brokers Ltd. in Markham, Ontario, agreed. "We have personal information of 25,000 clients in our databases," Bruhn said. "The loss of that information to thieves would devastate our business."
Besides stealing data, spyware steals SMB employees' time. By consuming IT resources, spyware can slow business functions and productivity down to a crawl. If spyware is present, Bruhn said, doing a simple task can take 10 times longer than usual.
In addition, cleaning up the spyware mess can consume a large percentage of IT resources. "Spyware affects the small and medium-sized business more than larger enterprises because the SMB has fewer IT resources at its disposal," said Stu Sjouwerman, founder and chief operating officer of Clearwater, Fla.-based Sunbelt Software Inc.
Wilke recalled a spyware invasion of one of the PCs he administers. "It took five minutes to download Excel after it was double-clicked," Wilke said. After installing CounterSpy, a Sunbelt Software antispyware software tool, Wilke discovered 83 pieces of spyware on the PC, which was only two months old.
Bruhn found that spyware was bogging down his PCs to the point where they were sometimes inoperable. "We don't have the resources to upgrade our PCs often, or replace them when they won't function because of spyware," Bruhn said. His two-person IT shop spent approximately eight hours per week cleaning up spyware for the 100 users in his insurance brokerage firm. "One full day of our workweek was a lot of human resources devoted to spyware messes," he said.
It's no secret that IT administrators have to be proactive about spyware. It takes fewer resources to prevent the problems of spyware than to clean up the mess afterward.Free downloads for small shops
For very small businesses, Skoudis recommends free antispyware downloads such as Microsoft's antispyware. For larger organizations, an enterprise-level product such as CounterSpy or McAfee's Anti-Spyware Enterprise can enable administrators to counter the spyware menace networkwide from a central consol, instead of by each PC. The reports generated by an enterprise product can help pinpoint which PCs are accidentally downloading the most spyware, which may highlight improper use of a company PC.
Keep in mind that an antispyware product blocks only the spyware identified by its vendor. So, buyers should evaluate the quantity, quality and frequency of updates of a vendor's spyware database. Sunbelt Software, for instance, constantly collects spyware data from field engineers and partners such as Microsoft.
For Bruhn and Wilke, the PC-by-PC approach to clearing out spyware took too much time and was not proactive enough. They both installed CounterSpy, Sunbelt's enterprise class antispyware product, to cure their spyware headache.
Wilke installed CounterSpy on the infected PC with good results. "I cleared the spyware out, and it ran like it came right out of the box," he said.Policies = prevention
Experts agree (and recommend) that having a security policy in place that outlines the use of company PCs is a good idea.
"Limiting the personal use of company computers can limit the accidental download of malware," Skoudis said. A document accompanied by a presentation, if possible, given during employee orientations is the first step toward preventing accidental downloads. The document could include an agreement regarding personal use of company PCs that the employee has to sign.
Skoudis also advised IT managers to tell employees that employee computer usage could be monitored in PC login boxes. "You don't want to go so far as to install spyware to spy on your employees to combat spyware. Then you are getting into difficult territory."Maxine Kincora is a contributing technology writer in Berkeley, Calif.
This was first published in May 2005