Editor’s note: one third of all data breaches occur in small businesses: The following piece offers excellent suggestions for protecting your small business. This was written by freelance journalist Jason Turbow BizWise the Cisco monthly newsletter for employers.
In January, a company credit card processing fee is malicious software on your network. He had pledged to the private information of customers with over 200 financial institutions. A month earlier, a payment processor in the United States has suffered attacks that affected their ATMs. 1 million people and caused loss of $ 9 million customers. A battle broke out between enterprise networks nationally cybercrime, companies not only in the firing line. Verizon Communications A study published in April found that one third of all data breaches in 2008 came at the expense of firms with 100 or fewer employees. The scale of these violations can not be compared with those of their counterparts in the company, but for small businesses, the sting of malware, botnets and Trojan horses can be so strong.
“The attention of a small-business customers is essential to stay,” said John N. Stewart, vice president and head of security at Cisco. “The security measures to protect customer information – as well as their own – must be a integral part of their modus operandi. ”
The threats are becoming more exotic, small business owners can take some simple steps to reduce the risk of being victims.
Step 1: Treat your business like a business
For many small businesses without dedicated IT staff, the response to the technological needs is often a trip to the store on the corner of a piece of hardware is easy to implement. This saves the hassle of installation, but also to open up sensitive information from outside intruders. In general, the built-in security features on devices designed for home use is not similar to those for small businesses.
“You can still go to many small businesses and see a good entry level for a house, but totally inappropriate for a business entity,” Ryan said Halper, president of Cynnex Networks, a technology company to support Seattle. “You must take a step beyond that if you have any business-critical, confidential information be protected.”
Even the enterprise-class hardware that provides security as a primary function – router, for example – can provide significant levels of protection when it comes to protecting a network.
Step 2: protect the perimeter
A firewall essentially serves as an effective barrier between the virtual network and the outside world. “The firewall protection should be obvious, but many of our small business customers that we see less of what we consider the minimum perimeter security,” says Halper Cynnex.
Even entry-level firewall security features that provides enterprise-class, such as essential packet inspection (to verify every piece of data flowing through them) and intrusion protection. Firewalls can also operate on a “white list” basis, allowing nothing but the data domains allowed to enter the network. This is particularly important when dealing with a subset of sites infected with malware and email trying to masquerade as coming from a legitimate organization. “No matter what seems to matter what it is,” says Stewart, Cisco chief security officer.
Step 3: Stay
The people who create malware are smart and ruthless. In case of new security technology effectively block their efforts, simply adjust their tactics to be able to avoid the risks are. For an example, look no further than spam. Just a couple of years ago spam was a major security problems faced by the networking company, until a flurry of anti-spam providers intervened and eliminate much of the risk. Problem solved? Not really. The spammers have more creative, and soon the anti-spam quota was again struggling to keep up.
“I just need to look at my inbox for the confirmation of this,” said Charles Kolodgy, research director of security products for research and analysis firm IDC. “I’ll make a lot of elements to be filtered, and then 3-5 days later, my e-mail will be back to normal, since the anti-spam programs to understand what you are doing this kind of spam and block or quarantine. ”
“If the company whose detention is being used says there is a new version, you must evaluate, and ideally, the distribution,” says Stewart. “We absolutely maintain the current position of safety.”
Step 4: Be careful
Botnets – collections of computers infected with malware without knowing it, which can be controlled by a third the mass nefarious activity such as spam – are especially dangerous because often there is little evidence tactile are still present. The best botnets work in the background, offering a slightly slower processor speed as the primary key for their activities.
‘You really have to look at the recording, which is something that small firms tend not do, “says Kolodgy. “Look what communications are underway. Watch the network traffic goes to strange IP addresses at different times during the day – the places one would companies have no reason to contact, such as Russia or China.”
Many security companies have placed protection against botnets among their priorities, or subscribers to date antivirus software patches and even more vital.
Step 5: Protect Interior
In January, a study by Purdue Krannert School of Management said that 46 percent of U.S. companies surveyed said that “the dismissed workers are the biggest threat caused by the economic crisis.” An example of this happened last year when Terry Childs, a disgruntled network administrator in San Francisco, sat in jail for five days, refusing to divulge the passwords you use to effectively block the government’s municipal data . Most small businesses do not have an employee with the same combination of experience and intentions of evil, but that does not give immunity to this problem. Halper Cynnex recommends that companies employ a strategy of containment, which allows employees to access only parts of the network required for operation. Similarly, network privileges may limit the types of tasks that can be executed by a particular job, eliminating many options for those looking to do something outside their regular job functions.
It is not just disgruntled employees who can create security holes, employees who do not know how to adequately protect the assets can also pose a risk.
“The mix of work in front of his house from the private and public means that data can be accessed, transmission, storage and stolen from anywhere at any time,” said Stewart. “Consequently, the data protection approach must change.”
This means that companies must promote a culture of security, knowing that data protection is a normal and natural part of the work of each employee, the tools and training that workers need to maintain safe operations.
“Everyone in society must understand why we are protecting what they are protecting,” says Stewart. “It s one thing I tell everyone to shut the door before leaving, but I really understand why you are closing the door. They must know that if we lose this data is business, the impact and, where appropriate management in risk. We realize that we not only protect our customers – we are protecting. ”