Work-at-home entrepreneurs can build empires on a shoestring budget by using innovative technology to do the work and solve problems. Mobile and remote computing in particular help small businesses turn on a dime to meet and beat changing job and market conditions. Unfortunately, those technologies also pose the greatest security threats to the company.
Typically, small businesses do not have an IT expert to launch a defense or even to identify the more insidious threats lurking in unexpected places. That does not mean, however, that SMBs must gamble their livelihood on a wing and a digital prayer. Small business owners can take several relatively simple yet very savvy actions to protect their assets.
Small Business Security: Data Dangers
First, be aware that a strong defense encompasses far more than simply protecting the hardware. “With regard to security, the biggest risk is, of course, the data — not necessarily the actual equipment,” says Yehuda Cagen, director of Client Services at Xvand Technology Corporation. “According to the Computer Crime and Security Survey, the value of the information in an average notebook exceeds $250,000.”
There is more to protecting your business data while working from home than just using passwords, antivirus software, stolen or lost device wipes, and router protection — especially if you have one or more employees working from their homes too.
“If they do stupid things on their own network, it can expose their work computer to undue risk,” warns Jon Heimerl, director of Strategic Security at Solutionary, an information security company. “Assume that the telecommuter’s home network is hostile.”
The Why and How of Virtual Private Networks
One way to limit your exposure to risk via an employee’s use of his home network is to use a Virtual Private Network (VPN). Setting up a VPN is easy and cheap. If you are running Linux computers, it’s a matter of clicking a dialogue box and following a couple prompts. Or, you can use an open source VPN which is also free, or buy VPN software from any number of vendors.
A VPN gives you a secure and private Internet connection and treats all your remote employee devices (from desktops and laptops to smartphones) as though they were physically plugged into your company’s own network. You and your employees have access to company information, but all data moving over the Internet via a VPN is encrypted so that sniffers in public hotspots and hackers attacking a home network are blocked from reading the data.
Another advantage of VPNs: if you use a professional VPN service, you can have additional IP addresses based in any country you want. This lets you access servers that are not available from U.S.-based IP addresses. This can be exceptionally handy if your company does business in foreign countries.
“If your employees are connected to your business via a VPN, you can make sure the VPN segregates them from their home network,” says Heimerl. Doing so circumvents any security threats on the employee’s network such as a virus their teenager downloaded in a game or video that then spreads to all computers in the house.
“But it is possible for that same user to connect to the outside world without using the VPN, and perhaps connect to their home network when the VPN is down,” he says. Therefore, just establishing a VPN is not a total security solution. You must enforce employee use of the VPN at all times.
There are a few exceptions to the VPN rule, such as when staff requires little centralized control and access. “Perhaps you can get by with Outlook Web Access, and share work files through an outsourced cloud provider. This can be a reasonable business model,” says Heimerl. “But, if you are in a business that requires open communication and collaboration in a team environment, you may need to connect the users to each other via a common VPN network.”
To further protect your own home network or that of your employees, encrypt everything, and ensure that you and your employees do not talk about sensitive company business on public networks — such as social media.