Computer Security For Small Business
Practices to help you become more secure
By Chris Dominiak
Information security is crucial to ensuring that your company, your employees and your customers are protected against the internal and external threats that exist today. Threats such as employee theft of crucial customer contract information, Internet hackers, viruses that can delete your hard drive, spyware that can steal information off your computers without your knowledge, and even social engineering hackers who obtain information about your systems by posing as a trusted source all can jeopardize your data.
How is your customer and sales information protected? Who within your company can access this information? Can anyone in the company print a year-to-date sales history on a customer? If you are connected to the Internet, are you protected from the thousands of viruses that can wipe out your computer system? Are your employees aware that they should never give out their password, not even to an IT employee? The internal and external threats are all around us. These threats are real, and all businesses, regardless of size, should be concerned and practice some form of computer security.
Establish rules for who has access to particular areas of data and make sure you have the capability to lock others out who shouldn't have access.
At this stage in the game, most medium to large companies have tackled enterprise-level security, but what can or should the small business be doing to protect itself? A lot of small business owners ask the same question: I don't know a thing about computer security. Where do I start? A consultant or a knowledgeable information systems person is always your best bet, but there are some things you can do yourself if these resources are not readily available or you feel they're just not worth the investment. Below is a series of steps, a toolkit, to help you get started in the right direction.
Make Security a Company Initiative
Make the issue of security known and important from the top down. As a business owner or manager, you must first acknowledge that computer data security is a problem and make it a company issue. Doing so will instill the importance of security from you to your managers and to the employees. This comes about by talking to your people about security, writing policy and educating yourself and everyone around you about the many threats that exist.
Worried About Your Employees' Use of the Internet?
BeAware is a program that records your employees' use of the Internet on your company's computers. The company says that the average employee wastes two hours a day at work on the Internet. Designed to help you eliminate time-wasting and inappropriate computer use, as well as protect your company from legal liability, BeAware monitors web-surfing, e-mail, chats, programs used, instant messaging activity and more. www.BeAware.com.
Create a Computer Security Policy
The policy will help to establish the guidelines for each employee on the do's and don'ts of using the computer. This is done by creating a written computer usage or acceptable use policy and making it mandatory for every employee to read and sign. It will also serve to reinforce your position on the importance of computer security. To assist you in the creation of a policy, use the following link: http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf or Google the words "computer acceptable use policy" and you will find a host of information to help you get started.
Educate and Inform Yourself and Your Employees
Oftentimes it is hard for people to understand why you want them to do something unless you explain the reason behind your logic. The best way to do this is to educate your employees on the many and real threats posed today and how they can help. Listed in the sidebar on page 85 are some great Web sites you can use to help build both your knowledge and your employees' knowledge about security.
Virus, spam and spyware protection are relatively inexpensive and will protect computers from malicious programs that seek to alter systems or steal data.
Know What Your Employees Are Doing
Examine how employees access information and what information they can or need to access on a daily basis. Look closely and you'll be surprised by what you find out. It's possible that everyone in the office has access to payroll information, but it's slipped under the radar. Does a front counter person need access to sales history information? Some companies have tightened down their access to critical information and don't even allow salespeople total access to historical sales information. You should establish and chart what is right for your business. Establish rules for who has access to particular areas of data and make sure you have the capability to lock out those who shouldn't have access.
Use Available Security Features
Once you have decided on access rules, implement them using your software's security features. Most operating systems and programs have security features built-in that will allow you to control access. For example, make sure each user has a unique username and password and specific access to only those programs or data they need in order to do their job. This is standard with most software today, but it's important to take full advantage of these features. Don't assign one login for everyone to use that can access all of the company's computer resources.
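The access chart and the one-login-per-person rule from the two sections above can be checked mechanically. The following is an added example, not part of the original article: it compares a written chart of access rules with what each login can actually reach. The role names, usernames and data areas are constructed sample data, and the record layout is an assumption for illustration.

```python
# Added example: review actual access against the written access chart.
# All roles, usernames, people and data areas are constructed sample data.

# The chart: which data areas each job role needs to do its job.
ACCESS_RULES = {
    "owner": {"payroll", "sales_history", "customer_contacts", "order_entry"},
    "sales": {"customer_contacts", "order_entry"},
    "front_counter": {"order_entry"},
}

# What is configured today, one record per login.
# "people" lists everyone who knows the password for that login.
LOGINS = [
    {"username": "cowner", "role": "owner", "people": ["C. Owner"],
     "access": {"payroll", "sales_history", "customer_contacts", "order_entry"}},
    {"username": "jsmith", "role": "sales", "people": ["J. Smith"],
     "access": {"customer_contacts", "order_entry", "sales_history"}},
    {"username": "counter", "role": "front_counter",
     "people": ["A. Lee", "B. Cruz"],
     "access": {"order_entry", "payroll"}},
]


def review_access(rules, logins):
    """Return (username, finding, details) tuples for every rule violation."""
    findings = []
    for login in logins:
        user = login["username"]
        # A login used by more than one person breaks the unique-username rule.
        if len(login["people"]) > 1:
            findings.append((user, "shared_login", tuple(sorted(login["people"]))))
        allowed = rules.get(login["role"])
        if allowed is None:
            # A role missing from the chart cannot be judged; flag it for a decision.
            findings.append((user, "unknown_role", (login["role"],)))
            continue
        # Anything granted beyond what the chart allows for the role is excess.
        excess = login["access"] - allowed
        if excess:
            findings.append((user, "excess_access", tuple(sorted(excess))))
    return findings


if __name__ == "__main__":
    for user, finding, details in review_access(ACCESS_RULES, LOGINS):
        print(f"{user}: {finding}: {', '.join(details)}")
```
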
Protect Yourself from the Internet
If your computers have access to the Internet, whether it be for browsing or e-mail, make sure you have the following safeguards in place. Without these protections, you leave yourself open and exposed to the world:
Firewall: A firewall can be software or a hardware device that will serve as the sentry guard or first line of defense against hackers.
Virus, Spam and Spyware Protection: Such protection is relatively inexpensive and will protect each computer from malicious programs that seek to alter your systems or steal your data. Companies such as Symantec or McAfee can provide you with a software firewall, virus, spam and spyware protection.
Operating System Patches: Keep operating system patches up to date. Most companies such as Microsoft and Symantec provide daily updates and patches that can be set to automatically update your computers.