
Why Security Matters
Why your small business should be bothered about company security
One of the biggest problems in computer security is that people have trouble believing that anything bad can happen to them - until it does. The truth is that bad things do happen and they happen more often than you might think.
Many small business owners believe that they do not need to worry much about security. "After all," they reason, "who would want to target my business when there are so many bigger targets out there?" While it is true that small businesses are not directly attacked as often as larger ones, there are three flaws with this reasoning. The first is that small businesses often end up as part of larger attacks, such as mass worm outbreaks or efforts to harvest credit card numbers. The second is that because security is becoming tighter than ever at larger companies, small business networks look increasingly tempting to attackers. And the third flaw is that this assumes that all attacks come from the outside.
Regardless of how or why your business is attacked, recovery usually takes significant time and effort. Imagine if your computer systems were unavailable for a week. Imagine if you lost all the data stored on all the computers in your company. Imagine if your worst competitor was able to obtain a list of your customers, along with sales figures and sales notes. How long would it take before you noticed? What would these breaches cost your company? Could you afford these losses?
It seems like common sense. You wouldn't leave your building unlocked at night. The same is true with information security, and a few simple steps can make you a lot less vulnerable. Technology experts have a way of making basic security seem like a huge and difficult issue. Luckily, securing your business is easier than you might think.
Of course, there is no way to guarantee 100 percent security. As the old saying goes, "You can make a door only so strong before it's easier to come through the wall." However, you can achieve a reasonable level of security and be prepared in case breaches do happen. Properly weighing risks and consequences against the cost of prevention is a good place to start.
With a growing number of cyber criminals trying to infiltrate computers by stealth, we have drawn up a list of sensible precautions that people should take to protect themselves and their machines in 2009. Simply following the advice below will substantially reduce the chances of a successful attack.
1. Disable Autorun in Windows: this facility is consistently exploited by criminals who use USB storage devices, such as flash memory sticks and even digital photo frames, to infect computers.
2. Keep applications and operating system (e.g. Windows, Mac) components up to date with automatic updates and patches, and by regularly reviewing the vendors' product update sections on their web sites.
3. Log on to the computer with an account that does not have administrative privileges, to reduce the likelihood and severity of damage from self-installing malicious software.
4. Use different passwords for the computer and on-line services. Also practice changing passwords on a regular basis and avoid simple passwords, especially those that are easily guessed.
5. Do not trust unsolicited files or embedded links, even from friends. It's easy to spoof email addresses, for instance, or to disguise a harmful link so that it looks like something quite different, whether it's in email, chat or whatever.
6. Do not disclose sensitive information on public websites like Facebook or LinkedIn. Even information that in itself is innocuous can be combined with other harmless information and used in social engineering attacks.
7. If sensitive information is stored on the hard drive, protect it with encryption and by regularly backing up your data to a separate disk and, where possible, a remote site or facility.
8. Do not expect antivirus alone to protect the computer. Use additional measures such as a personal firewall, antispam and anti-phishing toolbars. However, be aware that there is a lot of fake security software out there, and sometimes even the best protection might not protect as well as common sense and caution.
9. Do not connect to just any free access point. It might be the evil twin of a legitimate access point, set up to intercept your logins and online transactions.
10. Do not use cracked/pirated software! These are easy avenues for introducing malware into a system or exploiting weaknesses in it. This also includes P2P (peer-to-peer) illegally distributed audio and video files.
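For precaution 1, the following PowerShell script is an added example (it is not part of the original article) that reports which drive types still have Autorun enabled and, with `-Fix`, disables it for all of them. It relies on the Windows `NoDriveTypeAutoRun` policy value; the script's function name and the `-Fix` switch are made up for this example, and `-Fix` assumes an elevated PowerShell prompt.

```powershell
# Added example: audit (and optionally set) the Windows Autorun policy.
# Usage: .\Check-Autorun.ps1          -> report only
#        .\Check-Autorun.ps1 -Fix     -> disable Autorun for all drive types (needs admin)
param([switch]$Fix)

$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name   = 'NoDriveTypeAutoRun'

# NoDriveTypeAutoRun is a bit mask: a set bit DISABLES Autorun for that drive type.
$driveTypes = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04   # USB sticks, photo frames, card readers
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
    'Reserved'  = 0x80
}

function Get-AutorunPolicy {
    param([string]$Hive)   # 'HKLM' (machine-wide) or 'HKCU' (current user)
    $path  = "${Hive}:\$subKey"
    $value = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) {
        # No policy configured in this hive: the Windows default behaviour applies.
        return [pscustomobject]@{ Hive = $Hive; Value = 'not set'; AutorunStillEnabledFor = 'Windows default' }
    }
    # Any drive type whose bit is clear can still trigger Autorun.
    $enabled = $driveTypes.GetEnumerator() |
        Where-Object { -not ($value -band $_.Value) } |
        ForEach-Object { $_.Key }
    [pscustomobject]@{
        Hive                   = $Hive
        Value                  = '0x{0:X2}' -f $value
        AutorunStillEnabledFor = if ($enabled) { $enabled -join ', ' } else { 'none' }
    }
}

if ($Fix) {
    # 0xFF sets every bit, disabling Autorun on all drive types machine-wide.
    $path = "HKLM:\$subKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $name -Value 0xFF -Type DWord
}

'HKLM', 'HKCU' | ForEach-Object { Get-AutorunPolicy -Hive $_ } | Format-Table -AutoSize
```

A result of `none` in the last column for `HKLM` means no drive type can launch content automatically on that machine.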