There is a thriving underground global economy for your information. Some estimates put the figure as high as $6 billion dollars annually and expected to grow. Many small businesses assume that large businesses and corporations are more vulnerable to these internet threats. In reality, the hackers and attackers are increasingly targeting small businesses because, typically, they do not have the resources, knowledge or understanding of computer security. Additionally, most small businesses juggle multiple priorities and basic computer security is rarely a priority.
The scary part is that no business will ever be 100% secure, but there is hope. Here are some easy basics that every company, large and small, should implement.
The most common threat to your network is passiveness. A majority of people do not even do the basics. To begin, every computer should have some sort of anti-virus, spyware and firewall program running on your computers. Then you need to make sure that all of the software is up to date and contains the most recent versions. Firewalls come in two ways, software and hardware. The software firewall comes with most security programs or operating systems, you just need to make sure it is running. The hardware firewall is typically a more robust solution. Patching your computer should also be automated. Most computers that get hacked simply fail to fix the known security holes. Most manufacturers release regular updates to their programs. As the security patches are released they need to be installed on all computers.
The mobile user is the second most common threat to your network. Lost laptops with sensitive data or the ability to remote access networks is a hacker’s dream. Every laptop or mobile device that leaves the office should have all data encrypted. Encryption programs encode any data and makes it unreadable without the proper password or external encryption key. If you allow remote access to your network, it needs to be properly set up for maximum security.
Phishing. This can easily be described as tricking any employee into releasing sensitive information. This can be done over the phone, email, or at lunch. Train your employees that no one will ever ask for their login or password. Emails are becoming increasingly sophisticated into tricking anyone into clicking to their bank, paypal, or a bad webpage. A good firewall will block some of this, but employee training is vital. Passwords should also be somewhat complicated. No real names or words. Adding at least one number and making them a minimum of 8 characters is also recommended.
Unsecured wireless networks. The biggest data breach in a corporate environment happened over an unsecured wireless network. It has cost the company at least $17 million to date. If you need a wireless network, change the default username and password and make sure you encrypt the network with at least WPA (Wi-Fi Protected Access.)
And the last most common threat is within the organization. This can be either intentionally or unintentionally. A disgruntled employee can cause significant damage. So the best thing is to divide crucial functions and responsibilities among multiple employees. Implement strict passwords with no password sharing. Change the passwords every 90 days or after an employee leaves the company.
Ultimately, a secure network is an asset for your business and allows for growth. If all this seems daunting, hire a consultant to perform a security audit and make recommendations.
(first published 8/25/09)