Innovative use of the Internet can give small business owners just as much of a competitive advantage as their larger counterparts. However, larger businesses have increased spending on IT security and compliance efforts, turning the attention of cyber criminals to the small business community.
According to the National Small Business Cybersecurity Study, most small businesses don't do enough to protect themselves online. Nearly one-fifth of small businesses don't have or use antivirus software. Sixty percent don't use any encryption on their wireless networks, and two-thirds don't have a security plan in place.
On the most basic level, cyber criminals seek to steal personal information, such as credit card, Social Security and bank account numbers, and passwords. These new-age criminals use spyware, malware and other illicit applications to hijack computers and use them in larger criminal activities. For instance, entire networks of hijacked PCs—“botnets”—are used to send spam e-mails intended to direct recipients to fraudulent websites designed to extract personal information.
Despite stepped-up government efforts to identify and break these criminal enterprises, they continue to grow in number, reach and sophistication. Like all criminals, they constantly seek out the best targets of opportunity. Today, those targets are in the small business community.
So what is the cost of proper security? The real question should be: what is the cost of not taking the appropriate steps to secure my business? Consider how long it would take to rebuild your business if you lost all your data, and how your company’s reputation would take a hit if you were compromised by a cyber criminal.
Every small business should have these seven basic things:
1. An Internet use policy
Every business needs a plan for protecting its information, and part of that plan should be an Internet use policy that lets employees know what their responsibilities are when it comes to surfing the Web on company time. At a minimum, the policy should address what files or software can be downloaded from the Internet, the use of anti-virus software to scan any approved file downloads before they are opened, the use of strong passwords, what sites can and cannot be visited at work and what, if any, social networking sites are approved for business use.
2. Content filtering
The easiest solution to spyware, malware and other Internet threats is to prevent access to those sites most likely to contain them. No employee for any reason should need to access the sites that you block at work. A content filter will block access to pornographic and other sites most used by cyber criminals and others with ill intent. Content filters also prevent employees from accessing non-work-related sites that negatively impact work effort and productivity.
3. Separate home/business computers
Whether your employees work at the office or from home, it pays to maintain separate computers for work and home use. Although it may make more sense financially to consolidate home and office use, the savings are misleading. Doing work on a home computer exposes you and your customers to significant risk. Investing in another computer will easily pay for itself in risk reduction.
4. Anti-virus and anti-malware software
PCs increasingly come with these programs installed. Small businesses requiring more comprehensive protection can also choose to install a suite product that automatically patches their operating systems every time new malware or a virus is detected.
5. E-mail protection
Many suite security products include e-mail protection to guard against spam and other threats. Make it clear to employees that no one should open attachments from unknown senders.
6. Strong passwords
Always create strong passwords of more than six characters that use mixed-case letters and include numbers and symbols. These strong passwords are much harder for any cyber criminal to break or guess. Power-on passwords should also be installed on PDAs and cell phones, even personally owned ones that are used for business. In most cases, your data is your business.
7. WiFi (wireless) safety
Businesses have rapidly adopted and implemented wireless Internet networks. Although small businesses have gotten smarter about securing their wireless networks, they need to get smarter about using stronger encryption and changing the default passwords.
These are the basic tools that every small business should use, but this is by no means a complete list. Consider adding network security equipment such as firewalls, virtual private networks (VPNs), intrusion prevention systems (IPS) and network access controllers (NACs). Remove unused software and user accounts. Establish physical security controls for all computer equipment. Maintain backups of critical files and software. Keep your company’s software current. Limit access to sensitive and confidential data. Maintain adequate insurance coverage. And most importantly, get technical expertise and outside help when you need it.
OPEN Cardmember Lee Noriega is the CEO of Intrench Technologies, a network security and engineering company that provides secure network infrastructures.