Security Featured solution #5
Small business owners often push network security issues down the priority list in favor of more pressing matters. In many cases, network security is not a concern at all.
In this section, we attempt to address the basic aspects of security that every small business owner should be aware of. To better understand the types of threats that are present, it is helpful to divide the topic into three categories: external, internal (unintentional) and internal (intentional).
External
Unless you are a well-known public company, a targeted attack on your network is highly unlikely. Targeted hacking requires significant expertise, time, and motive, and a seasoned hacker is not likely to intrude on your network without a specific reason.
The majority of attacks from the Internet come from script kiddies. Strictly speaking, they are not hackers at all, but amateurs using automated software to prowl the Internet for an easy target. They essentially jiggle every car door in the parking lot to see if one opens.
By sealing up the holes in your network and intelligently blocking suspicious behavior, a business-grade firewall from SonicWall should be sufficient to deter such attacks. Off-the-shelf products from Linksys or D-Link are generally not suitable for business since they tend to lock up with heavy usage from 10 or more users.
Also worth noting is the importance of strong passwords. Easy-to-guess passwords (e.g. "password") will defeat even the toughest security measures. Automated attacks often employ what is known as a dictionary attack, which is an attempt to guess your password by trying every word in the dictionary. Mixing numbers and symbols in your password is the best practice for defeating such techniques (e.g. "Security#1").
Internal (Unintentional)
It may surprise you to learn that your internal staff, not hackers, present a bigger threat to your security. The most common source of a virus is a bored employee surfing the Internet, or a curious recipient opening an unidentified email attachment.
We recommend Worry-Free Business Security from Trend Micro, which is an antivirus program installed on each computer. Beyond detecting viruses, it features a web-filtering option that prevents users from accessing unauthorized web content such as pornography, which is a common source of computer viruses. Preventing access to such sites is an effective security measure that is preferable to reactive antivirus, which can sometimes miss detection.
Additionally, we recommend holding yearly security training to clearly communicate acceptable use policy, such as "Don't download free programs from the Internet without approval."
Internal (Intentional)
The most dangerous of all threats is a disgruntled employee. The reason why they pose such a threat is that they have legitimate access to your network. They can walk right in and walk out with your client contacts, financials, or any proprietary data undetected.
You should be aware that by default, shared folders on the server are open to everyone. With help from IT, sensitive data contained in folders such as HR and Accounting should be locked down so that only authorized personnel can access them.
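The following audit script is an added example, not part of the original article or any vendor's tooling. It lists file shares that are open to all staff at both the share and NTFS layers, and flags those whose names match the HR and Accounting folders mentioned above. It assumes a Windows file server with the SmbShare module (Windows Server 2012 or later), an administrator session, and English account names; the `$broad` and `$sensitive` lists are assumptions to adjust for your environment.

```powershell
# Added example: find SMB shares that are effectively open to everyone.
# Assumes a Windows file server with the SmbShare module, run as administrator.

# Principals that effectively mean "all staff" (assumed list; adjust for your domain).
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
# Share-name patterns treated as sensitive, taken from the folders named in the text.
$sensitive = 'HR', 'Accounting'

$findings = foreach ($share in Get-SmbShare -Special $false) {
    # Skip printers and other non-folder shares.
    if ($share.ShareType -ne 'FileSystemDirectory') { continue }
    $isSensitive = [bool]($sensitive | Where-Object { $share.Name -like "*$_*" })

    # Layer 1: share-level permissions.
    $shareHits = Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -in $broad }

    # Layer 2: NTFS permissions on the shared folder itself.
    $ntfsHits = (Get-Acl -LiteralPath $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.IdentityReference.Value -in $broad }

    # Effective access is the more restrictive of the two layers, so a share is
    # only open to everyone when both layers grant a broad principal.
    if ($shareHits -and $ntfsHits) {
        [pscustomobject]@{
            Share     = $share.Name
            Path      = $share.Path
            Sensitive = $isSensitive
            ShareACL  = ($shareHits |
                ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
            NtfsACL   = ($ntfsHits |
                ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
        }
    }
}

# Sensitive shares first; an empty result means no share is open at both layers.
$findings | Sort-Object Sensitive -Descending | Format-Table -AutoSize -Wrap
```

The script only reads permissions and changes nothing. Shares it reports can then be restricted to a dedicated security group using `Revoke-SmbShareAccess` and `Grant-SmbShareAccess`, with the folder's NTFS permissions tightened to match.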
If you have an especially sensitive situation where you detect suspicious behavior, you may wish to install monitoring software that records the employee’s activity. Spector CNE Investigator (www.spectorcne.com) works like a surveillance camera that creates a video recording of the user’s screen. It can be useful in situations where you need proof of illicit behavior. We suggest, however, that you check with HR regarding privacy issues before recording your employee’s behavior.
In conclusion
Security is not a one-time project. It is an ongoing process that surfaces in different ways as technology changes. Awareness is the first step in protecting your valuable business data. Speak with your IT professional on a regular basis to identify security vulnerabilities.