A Safer, More Secure 2007

By Lauren Simonds | Posted January 08, 2007

Whether it's shedding pounds or bad habits, the personal resolutions we make each year often go down the tube faster than you can say "Auld Lang Syne." But how about making professional resolutions? We're talking resolutions that protect your business and customer data, improve efficiency and keep your systems virus-free and running smoothly — actions that could boost the bottom line. Wouldn't that be worth the effort?

If the risk of losing critical business data hasn't spurred you into taking the first step, you might consider the possibility of legal ramifications. "Many states, including New Jersey, New York, Louisiana and California, are planning to prosecute companies that don't demonstrate vigilance in securing personal data," says Andy Greenawalt, the CTO of Perimeter eSecurity, an on-demand security services provider.

He urges small business owners to look at security as a practical matter based on common sense. "Don't think of it as taking on a one-time project, think of it as making necessary lifestyle changes." Good security practices aren't a nice-to-have item, they're a must-have item, he says.

To help start you on the path to a safer business, Greenawalt offers up seven security resolutions. We've also got a few anti-phishing tips from Panda Software.

Taking a few simple steps to secure your files, computers and networks can make 2007 safer, less stressful and more productive for you and your employees. Here's to keeping your business safe and secure in the New Year.

1. Change Your Password
It may seem like an obvious tip, but passwords are one of the weakest links in company's security. "Most people never change their passwords, and that's just a bad idea," says Greenawalt. He suggests using passwords that combine numbers, upper and lowercase letters. "Using symbols such as "@" for the letter "a" or "$" for the letter "S" — adds complexity without making a password impossible to recall, and ideally, you should change them every 30 to 90 days."

2. Download Patches and Updates
Your computer operating systems need to be updated and patched regularly in order for them to work effectively. The good news is that you can set your PCs to do this automatically. "Twenty new vulnerabilities pop up every day," says Greenawalt. "That's 6,000 a year. The only way to protect your systems is to run the latest software that's been corrected for those issues."

The anti-virus software you subscribe to (you DO subscribe, right?) won't re-subscribe itself — you have to do it. "AV software has the shelf life of soft cheese," says Greenawalt. "Keep track of it — make it a habit to keep your software current, and you'll keep yourself out of a huge percentage of trouble."

3. Hire a Hacker
Any small business with a network should hire a company to perform a network vulnerability scan. This lets you know whether and where your network is susceptible to attack.

"A vulnerabiltiy scan typically costs around $100, depending on the network," says Greenawalt. "The scan will show how exposed your network is to the outside world. It lets you know there's a vulnerability before it becomes a problem, and it's very cost effective." He recommends that you have a scan done every time you make a change to your network — like upgrading to new PCs or servers, for example.

4. Conduct Regular Checkups
In order to keep your network safe, you have to understand the risks. Greenawalt suggests scheduling ongoing risk assessments. "Think about and understand the priority and relative value of your data. Know what you can afford to lose and what you can't. No small business has enough money to protect itself like a nuclear facility. Prioritizing will help you make the most of your money."

5. Review and Communicate Security Policies
You can take all of the aforementioned steps, but if you don't create a sound security plan and communicate it to your employees, you're leaving a big security gap unplugged.

"Information security is a thousand little decisions made by front-line people. Tell your people what you're doing," says Greenawalt. "Make sure they understand the necessity of protecting confidential customer data such as social security numbers, bank account or credit card numbers. Information security should be a standing management item and reviewed regularly."

6. Scan all Entry Points
There are a lot of ways that viruses can enter your network — e-mail attachments, shared files, infected Web sites, downloads — and the number of entry points continues to grow. "One way to fight this threat is to evaluate your network and inventory its various entry points," says Greenawalt. "Then use anti-virus software that scans all entry points — including instant messaging, USB ports and mobile drives such as Blackberries and PDAs."

7. Consider Giving Up
Well, don't give up on security — just on the do-it-yourself part. The point Greenawalt wants to make is that outsourcing is a good option for small businesses that don't want — or simply can't — keep up with network security.

While Perimeter offers a range of services for small businesses, it's not the only game in town; other value-added resellers (VARs) offer similar products and services. Greenawalt does offer sound advice when searching for a company to handle your security needs: "Don't enter into this blindly. Before you sign any contracts, make sure you understand what your company's specific needs are — don't let someone else do that for you."

Anti-Phishing Tips from Panda Software
Panda Software develops and provides security products that protect against viruses, hackers, Trojans, spyware, phishing, spam and other Internet threats. The company offers the following tips to fight phishing — a particularly tricky practice that nefarious people use to steal personal identity data.

• "Your bank will never contact you via e-mail to ask you for any passwords. You should delete any messages that you receive asking for your personal details, or including a link that takes you to a Web page where you are prompted to enter them. Most likely, these are fraudulent messages."

• "Make sure that the Web page that you are visiting actually belongs to the bank that you want to visit. Pay attention to the Web page domain, and check that there are no differences with the real domain of your bank's Web page. Make sure your connection is safe.

• "Check that there is a little closed padlock displayed on the status bar of the browser, and that the Web address begins with https:// (note the "s"). These are clear indications of a safe connection. If you are in doubt, check that the Web page has a valid certificate by double-clicking on the padlock.

• "Type the entity's full Web address directly in the browser; never access it through hyperlinks that might point to fraudulent Web sites that could enable data theft."

• "Check bank statements periodically to make sure that there haven't been any irregular movements or transactions from your account. Contact the bank through which transactions were made, in order to get more detailed information about them."

Lauren Simonds is the managing editor of SmallBusinessComputing.com

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!


Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date