Sensible IT Security for Small Businesses

By George Spafford | Posted March 16, 2005

"Do I need a new firewall?"

This is a question small business owners frequently ask as they grow concerned about the increasing number of threats on the Internet.

But rather than relying on a single solution to address security challenges, small organizations instead should adopt a strategy of "defense in depth" — using multiple mechanisms and levels for security.

Begin With Risk Management
This is the best place to start, as the outcome of this process will highlight what needs to be done. Understanding how much time and money to invest in security requires that you first determine what matters most to you. It may be customer design files, accounting data and so on.

Don't try to protect everything; it isn't realistic. First, focus on what matters most. Second, look at how those critical items are threatened and by whom, whether an outsider on the Internet, an employee, or simple hardware failure. Engage vendors, consultants and colleagues to figure out the layers of defense that will reduce the risk to an acceptable level in a cost-effective manner.

Don't try to eliminate risk entirely. Your goal should be to lower the risk to a point that you can live with it.

Layers of Security
The following elements show how you can weave together various security components to create a better security net:

A firewall reduces the risks of attacks via the Internet. In the event that a threat breaches the firewall or that the intruder — possibly even an employee — is inside the building, the systems should require user IDs and passwords to limit access. The perpetrator must overcome these basic authentication controls in order to gain access to the systems and their data.

You can make it much harder for a hacker to access your data by taking these simple precautions:

  • Don't keep your passwords anywhere near the computer
  • Instead of easy-to-guess passwords (birthday, pet's name, etc.), create passwords with a combination of letters, numbers and symbols
  • Set your computer login so that the account locks after three unsuccessful login attempts (prefer a temporary lockout, such as 15 minutes, over a permanent one; it still defeats password guessing but does not let an attacker lock your own staff out indefinitely by typing wrong passwords)

Automated systems can track attempts to break into your network. As the program generates security log entries, it can send e-mail alerts to the system administrator (who in some small businesses is the owner). When you review the security logs daily, look for an unusual number of locked accounts, and for many failed logins against different accounts from the same source address, which points to password guessing rather than a forgotten password.
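The daily review described above, as an added example that is not part of the original article: a small script that reads authentication log lines (the format is constructed for illustration and is not any real product's), applies the three-strike lockout rule from the list above, and flags a day with more lockouts than usual as well as any single source address that locked several accounts. The lockout threshold, the log format and the daily baseline are assumptions; you would replace the baseline with figures from your own logs.

```python
"""Failed-login review for a small office: flag accounts that hit the
lockout threshold and raise an alarm when the number of locked accounts
in one day is unusual compared with a baseline.

Added example, not from the original article. The log format below is
constructed for illustration (not a real product's format); the
three-strike threshold matches the article's lockout advice, and the
daily baseline is an assumption you would tune to your own history.
"""
from collections import Counter, defaultdict
import re

LOCKOUT_THRESHOLD = 3          # lock after three unsuccessful attempts
TYPICAL_LOCKOUTS_PER_DAY = 1   # assumed baseline; tune to your own logs

# Constructed sample log lines: "<date> <time> <result> user=<account> src=<ip>"
SAMPLE_LOG = """\
2005-03-16 08:01:12 FAIL user=alice src=192.168.1.20
2005-03-16 08:01:20 OK   user=alice src=192.168.1.20
2005-03-16 09:15:02 FAIL user=bob src=10.0.0.7
2005-03-16 09:15:05 FAIL user=bob src=10.0.0.7
2005-03-16 09:15:09 FAIL user=bob src=10.0.0.7
2005-03-16 09:15:13 FAIL user=carol src=10.0.0.7
2005-03-16 09:15:17 FAIL user=carol src=10.0.0.7
2005-03-16 09:15:21 FAIL user=carol src=10.0.0.7
2005-03-16 09:15:25 FAIL user=dave src=10.0.0.7
2005-03-16 09:15:29 FAIL user=dave src=10.0.0.7
2005-03-16 09:15:33 FAIL user=dave src=10.0.0.7
2005-03-16 17:40:00 OK   user=erin src=192.168.1.31
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ (?P<result>FAIL|OK)\s+"
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Yield (date, result, user, src) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["date"], m["result"], m["user"], m["src"]


def locked_accounts(log_text):
    """Return {date: {account: source_ip}} for accounts that reached the threshold.

    A successful login resets the failure counter, as lockout counters do in
    most operating systems; once an account is locked it stays in the report.
    """
    fails = defaultdict(Counter)   # date -> account -> consecutive failures
    locked = defaultdict(dict)
    for date, result, user, src in parse(log_text):
        if result == "OK":
            fails[date][user] = 0
            continue
        fails[date][user] += 1
        if fails[date][user] >= LOCKOUT_THRESHOLD:
            locked[date][user] = src
    return {d: dict(accts) for d, accts in locked.items()}


def daily_report(log_text):
    """Summarise each day: which accounts locked, whether the count is above
    the baseline, and any source address that locked more than one account
    (a password-guessing sweep rather than one forgetful user)."""
    report = {}
    for date, accts in locked_accounts(log_text).items():
        by_src = Counter(accts.values())
        report[date] = {
            "locked": sorted(accts),
            "unusual": len(accts) > TYPICAL_LOCKOUTS_PER_DAY,
            "sweeping_sources": sorted(s for s, n in by_src.items() if n > 1),
        }
    return report


if __name__ == "__main__":
    for date, r in daily_report(SAMPLE_LOG).items():
        flag = "ALERT" if r["unusual"] else "ok"
        print(f"{date}: {flag} locked={r['locked']} sweep_from={r['sweeping_sources']}")
```

On the constructed sample the script reports one day with three locked accounts, all from the same source address, so the day is flagged and the address is listed as a sweep. Alice's single failure followed by a successful login is not reported, which is the distinction a daily reviewer wants: mistakes by staff are noise, a run of lockouts from one address is a signal.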

The next layer of defense, encrypting key data, makes your data unreadable to an intruder who gets past the other controls, provided the encryption key is not stored alongside the data on the same compromised machine. Regular backups, kept separate from the systems they protect, ensure that you can restore vital data should an intruder corrupt or delete your encrypted files.

By instituting multiple security layers, you're adding extra insurance. If someone breaches one of the defenses, then another one exists to thwart, or at least slow down, the hacker. Finally, it's a good idea to get into a daily habit of reviewing system access and security activity in general. It doesn't take a lot of training to understand simple reports, but you can also outsource more in-depth reviews to a security firm or contractor.

Adapted from esecurityplanet.com.
