The Three Things Every Small Business Needs To Know About Network Security

What do Emulex, the White House website, and Microsoft have in common? All have been the victims of network security compromises. While these are some of the more high-profile cases, there are daily examples of network security failures and the high costs imposed on companies as a result.

There was a time when only large companies worried about network security breaches. However, in this brave new world where everyone from the home user to the large corporation relies on technology for functions that range from email to the storage of sensitive data, it seems no one is immune to the havoc that viruses, worms, spyware and hackers can wreak.

So, what's a small business to do? How do you keep your company's network secure? Most small businesses do not have a specific IT budget set aside, much less a certain percentage allocated toward network security. Yet the failure to have a secure network can cost a company far more than it would have ever spent on security.

There are three things every small business should know to reduce its chances of becoming another network security statistic.

  1. Your employees are your biggest risk and asset

    Websense, a web and email filtering company, indicates that 80% of all security breach incidents occur from within an organization. This conjures an image of the bitter employee sitting in a back room creating a sinister plot or virus to bring the company's operations to a grinding halt.

    While this certainly does happen, most often it is the seemingly innocent daily actions of employees which may put you at risk. Consider the email with an attachment that is opened, launching a company-wide virus within minutes. Or, perhaps employees are web-surfing on sites that are not reputable. Maybe your sales manager brings a proposal home for the weekend on a CD or floppy disk, works on it using a home computer which has a virus, and brings it back to the office on Monday to add finishing touches. Or that sticky note with a user name and password on an employee's computer screen.

    It is necessary to create a company culture of vigilance. The first step is awareness. Educate employees about the risks. Instruct them not to open emails and/or attachments from unknown sources. Reduce non-business web surfing by implementing "acceptable use" policies, and reinforce them.

  2. There is no fool-proof method to ensure total security without unplugging your connection to the internet.

    Given the frequency with which new viruses are introduced, it seems impossible to keep up 100%. Here are some recent statistics from Websense that show the severity of web threats.

    1. 85.6 percent of all unwanted emails in circulation contained links to spam sites and/or malicious web sites
    2. 77 percent of Web sites with malicious code are compromised legitimate sites
    3. 95 percent of user-generated comments to blogs, chat rooms, and message boards are spam or malicious

    So what can you do? The important thing is to have a plan in place for dealing with these threats.

  3. Back to the basics: What every small business should have for a more secure network.

    1. Passwords that change on a regular basis and are not intuitive.
      The National Cyber Security Alliance recommends using hard-to-guess passwords that are at least eight characters long and mix upper case, lower case and numbers. Don't share your password with anyone and change it at least every 90 days.

    2. Up-to-date anti-virus software on all workstations and servers.
      Since new viruses are created every day, it is essential to have anti-virus software that can be updated regularly to protect against the latest threats, preferably automatically updated to every workstation from your server.

    3. Firewall with strong traffic policies to prohibit and allow communication.
      Firewalls provide protection between your computer and the world. They filter and block potentially dangerous and unauthorized data from the Internet and also let "good" data reach your computer. There are two types of firewalls: software and hardware. Software firewalls run on individual computers while hardware firewalls protect several computers at once. The size and needs of your company determine whether you choose one or both.

    4. Email anti-virus and spam filters.
      Using filters to intercept email viruses and spam is an important way to protect your network. There are two types of email viruses: those that are enabled when opening an email attachment (e.g. the LoveLetter virus in 2000) and those that run automatically regardless of an attachment (such as the Nimda virus). An email anti-virus filter will catch incoming messages that contain viruses and stop them in their tracks. Typically you will receive an email notification to let you know that a virus was detected and quarantined.
      Spam is one of the biggest wastes of space and time ever invented. It's not enough that we receive junk mail in our physical mailboxes, now our email inboxes are flooded, too. Spam is inundating the internet with many copies of the same message in an attempt to force the message on people who would otherwise not choose to receive it. A spam filter separates unsolicited emails from those that are legitimate, placing the unsolicited messages in a separate folder. There is always the risk that the filter may block messages that are legitimate, so it is essential to review the messages in the spam folder from time to time. Most spam filters permit you to specify which emails you want to receive in your inbox based on a list of email addresses that you specify, often called a "white list".

    5. Anti-Spyware Technology
      Spyware, as defined by CRMtech.com, is "any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program." It basically gives advertisers information about your web surfing habits so they can target you for particular products. Anti-spyware is software or technology that disables spyware so you can regain your privacy.

Conclusion:

While no one can guarantee complete protection from network security breaches, it is critical to be proactive and have contingency plans in place. One of the more popular approaches to putting the right network security functions in place is outsourcing this function to professionals. According to Jennifer Mears in an article that appeared in Network World, "the outsourced IT professionals help you save time, give you access to reports and audits, as well as expertise that may not be available in-house. Bringing in the experts may be just what you need to get a jumpstart on the security of your network."
