The daily news is full of stories dealing with data stolen from some of America’s largest and most recognizable brands. In recent months we have seen network intrusions and data theft at Target, JP Morgan Chase, Home Depot and Dairy Queen. You’ve seen these stories and probably are thinking these are all large companies with lots of valuable data; no wonder they are targets. You might also be thinking don’t these companies have lots of really smart technology people who can protect that data? Just goes to show you what a tough battle it is protecting your virtual assets from hackers and unscrupulous people. What you should not be thinking however is this; if these big companies can’t do anything about it then why should I try? After all my company is a small business and who wants my data? Our experience tells us you might be amazed.
We see intrusion threats against small business on a regular basis. Why? Well beyond the fact that we are looking for them (it’s part of what we do for a living) it is because hackers are indiscriminant about who they target. When a hacker develops software to exploit vulnerabilities in widely distributed operating systems and networking tools they apply brute force to try and enter as many “unlocked doors” as possible. If your business happens to have vulnerabilities then loss of your data is a distinct possibility, however another common outcome is hackers will take up residence on your computers and launch other attacks. Sort of a nice for you to pay for assets they use for free, right? No, not really!
Let’s talk about some of the common technologies and approaches to provide your small business with some level of security, and afford you some peace of mind.
Firewalls and FIREWALLS!
When your small business decided to open its doors on the World Wide Web you probably called a local Internet Service Provider (ISP) and bought Internet access. It is highly likely you also acquired as part of the service a device that provided your business with Internet access and a firewall (a DSL or Cable Modem). You may have been told this firewall offers adequate security protection and your small company would be safe, and that would be correct. However you might be surprised to learn that not all firewalls provide equal levels of security. Think about how many different door locks there are and that will give you the general idea. There are entry level firewalls that are often bundled with Internet service and there are extremely robust firewalls available for businesses that provide higher levels of security and management. These robust firewalls constantly update their threat profiles with information about the latest hacking threats from around the world and provide much greater levels of manageability. How do they do this? Simple actually, that is the business they are in. They track these threats daily and publish updates for their customers because if they don’t they will soon find themselves out of business. These dedicated firewalls offer some pretty important ancillary benefits like, Internet redundancy, the ability to analyze Internet traffic and bandwidth consumption and provide web filtering. All these are features are can be very important if you care about finding out why one of your locations seems to have all the Internet speed they need but another never seems to have enough, or if you ever thought restricting who can access what while at work.
Beyond placing your information assets behind a firewall, your business might also want to consider encrypting very sensitive data. Five years ago this was an expensive effort, requiring sophisticated software and skilled IT professionals. Today however we are seeing a trend toward simplified approaches for “locking” down your data. This is particularly important for those businesses that are in a regulated environment which requires encryption of certain data. Even small businesses can implement a lock and key approach and this should be considered as an additional layer of protection.
It’s About People Too!
Technology never provides a complete solution for any business problem. Good processes and trained people are a must in order to leverage any technology. We encourage all our customers to keep this in mind as they address the security of their business. Having a policy about what Internet sites users can visit, what data can and cannot be downloaded, what media should not be brought into the business and placed on company assets, and how to handle external calls from unknown sources “phishing” for information. Having policies supported by education are as strong a line of defense as any technology.
Bring IT All Together for Peace of Mind
You have a business to run, but it’s impossible to run a business without a sense of security. Take steps to ensure an experienced and knowledgeable professional performs a periodic security assessment. Pick a managed it services firm that has the demonstrated ability to design and manage a secure environment. These actions will bring greater peace of mind and allow you to focus on your business and not your technology.