The View From Here

Wednesday, May 16, 2012

Where do you draw the line on securing your business against cyber threats?

Your small business needs some kind of protection against cyber threats, but how do you know what to use or how much money to spend?

As it turns out, the solution lies in answering a few simple questions.
  1. Do you have a network? This can be wireless or wired, but basically, if you have more than one device connected to other devices, then you have a network.
  2. Do you have electronically saved information about your staff? Specifically, do you use software for payroll or timekeeping and have employee banking information or Social Security numbers?
  3. Do you store sensitive client or customer data? In other words, do you keep credit card numbers, personal identification information (i.e., Social Security numbers, dates of birth), or other information your customers would not want shared with the outside world?
  4. Do you develop or invent anything? Is your company creating intellectual property or items that will be patented or copyrighted?
  5. Do you deal with sensitive documents? This is especially important if you work with internal information for your clients that should not be shared with anyone outside your organization.

Now, depending on how you answered these five questions, you can pick the solution that’s right for you. You see, it’s really about minimizing risk and employing solutions that make sense for a business of your size.
 
There are several items all businesses will want to invest in or turn on, no matter the size:
  1. Some way to connect to the internet. If you aren’t using the internet to build your customer base, you’re missing an opportunity.
  2. Data backup. All of your files and documents are important and need to be backed up. There are several free online vendors like Mozy or IDrive, or you can use a file-sharing service like Dropbox or Google Docs to save your important information.
  3. Windows Firewall. Turn this on. It’s easy and comes pre-packaged with Windows.
  4. Anti-virus. Keeping your computers free from viruses is an ongoing challenge. Products like McAfee and Norton are well known and popular. A less expensive (free) option is Microsoft’s Security Essentials, which does a good job of protecting against viruses.
  5. Maintenance Contract. You should build a relationship with a reputable computer repair company. Many of these companies will allow you to sign up for a maintenance contract that stipulates a number of hours available to work on your computers. Under the contract, there is usually a discounted hourly rate.

If your business has grown beyond a small shop and has multiple computers and a network, you need more than the basics. The following solutions are ordered by increasing risk level and build on each other. If your business answered yes to all five questions, then you’ll want to look into investing in all of these solutions.

A switch. A switch is a device that allows you to connect multiple computers, printers, copiers, fax machines, or other equipment to each other and then to your modem. It acts as a control center for your network. It will also help protect your network from outsiders. When it is installed, make sure you change the default password; otherwise it won’t protect you from cyber-criminals, because they all know the default passwords.

Internet monitoring. You should know who is trying to log into your network and what your employees are doing on company time. The first part of this can be implemented by using the log system built into a switch or firewall. These can be set up to send you information daily, weekly or monthly. You should review the file that is sent to see if there are any patterns. Once you have an idea of what the traffic trying to get into your network looks like, you can monitor it by seeing if the number of attempts goes up or down. Internal monitoring begins with a good Internet Use Policy. There are many available as templates online. At its simplest, looking at the browser history will give you a good idea of what your staff have been looking at while using company computers. In order to set up monitors that allow you to block certain websites, you will need to purchase either a software solution or an add-on to your firewall.
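The trend check described above, as an added example that is not part of the original post: it counts blocked inbound attempts per day and flags any day well above the median of the days before it. The log layout and the sample lines are constructed assumptions; adjust the pattern to whatever your firewall actually sends.

```python
import re
from collections import Counter
from statistics import median

# Assumed log layout: "<date> <time> DENY|ALLOW IN|OUT src=<ip> dst=<ip> dport=<n>".
# Real devices differ, so adjust LINE_RE to match what yours sends.
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ (?P<action>DENY|ALLOW) (?P<dir>IN|OUT) src=(?P<src>\S+)")

def build_sample():
    """Constructed log lines: four quiet days, then a burst from one address."""
    lines = []
    for day, n in {"2012-05-07": 4, "2012-05-08": 5, "2012-05-09": 3,
                   "2012-05-10": 4, "2012-05-11": 19}.items():
        for i in range(n):
            src = "203.0.113.9" if n > 10 else f"203.0.113.{i + 1}"
            lines.append(f"{day} 02:{i:02d}:00 DENY IN src={src} dst=192.0.2.10 dport=3389")
        lines.append(f"{day} 09:00:00 ALLOW OUT src=192.0.2.20 dst=198.51.100.8 dport=443")
    return lines

def blocked_inbound(lines):
    """Yield regex matches for blocked inbound attempts only."""
    for m in map(LINE_RE.match, lines):
        if m and m["action"] == "DENY" and m["dir"] == "IN":
            yield m

def daily_denied(lines):
    """Blocked inbound attempts per day, oldest day first."""
    return dict(sorted(Counter(m["day"] for m in blocked_inbound(lines)).items()))

def flag_spikes(daily, factor=2.0, min_history=3):
    """Days whose count exceeds factor x the median of all earlier days."""
    days, flagged = list(daily), []
    for i, day in enumerate(days):
        history = [daily[d] for d in days[:i]]
        if len(history) >= min_history and daily[day] > factor * median(history):
            flagged.append((day, daily[day], median(history)))
    return flagged

def top_sources(lines, day, n=3):
    """Addresses responsible for the most blocked attempts on one day."""
    return Counter(m["src"] for m in blocked_inbound(lines) if m["day"] == day).most_common(n)

if __name__ == "__main__":
    log = build_sample()
    for day, count, baseline in flag_spikes(daily_denied(log)):
        print(f"{day}: {count} blocked attempts (usual: {baseline}), top: {top_sources(log, day, 1)}")
```

A day with no blocked attempts never appears in the counts, so a sudden gap in the report is also worth a look: it can mean logging stopped rather than that traffic did.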

Firewall/Anti-Spam. As your business grows, so will the potential impact of a security breach. A firewall is designed to protect your business from outside threats. Many firewalls are packaged with applications that will filter spam from incoming email along with filtering out potential trojans or other pieces of code that could be inserted in your network. A trojan, if in your network, could allow an outsider access to all of your network information and data. A solid starting point for small businesses is to look at products from Cisco or SonicWall for more powerful solutions or Barracuda or Netgear for less robust needs.

Advanced Data Backup. Your business, at some point, will outgrow the free online data backup solutions. At that point it’s important to look at both online and more traditional backup methods. Large capacity backup drives are relatively inexpensive and can be configured to run at designated times on a daily basis. You should back up your data daily. You should also make sure you remove your backup from the office in case of fire or other disaster. Ideally, you will use both an online backup solution and a physical solution, like a Seagate or Passport hard drive.

Document Management. If your business stores sensitive documents, whether client data or intellectual property, it becomes important to secure that information. A document management system allows you to monitor (or audit) the changes made to any document, see who has worked on it, allow only certain members of the staff to access it, and set other security features. Most management systems also add features like easy searches or collaboration abilities. These systems can be purchased from vendors who sell a stand-alone solution or bundle the product with copier/printers.

Cost. Ongoing costs include things like new anti-virus definitions, updates to software, online data backup fees, and any maintenance contract fee. These costs do not take into consideration the implementation, software or hardware costs. As far as costs go, for the smallest of companies with minimal risk, you should budget at least $100 per month for cyber-related issues. Once you invest in a network and a switch, you are looking at a monthly budgeted amount of $500. Adding increased data backup and a firewall raises your monthly budget for cyber security to at least $1,500 and as much as $3,000. Finally, once a document management solution is added, your monthly budgeted expense should be at least $7,500.

At these price points, the benefits you receive from minimizing cyber security risk will outweigh the cost.


Tuesday, May 20, 2008

Rafting

A couple of weekends ago I went whitewater rafting with some friends - most of whom were brand new friends. My friend Mary invited me to tag along with her family to their cabin in Maryland. They have a great place where you can hear river rapids while sitting on their front porch. There's plenty of hiking, great towns and even Wisp ski area close by. Of course the reason for our trip was the Cheat River festival that was being held that weekend. We chose to raft the Cheat with some professional guides whom Mary knew. What a blast.

I had been rafting two other times - once in Maryland and once on the Gauley in WV. The Cheat definitely matches up. It was riding just over 2' and had great rapids. We only had one miscalculation on the trip. Of course it was the one where we overcompensated pulling one crew member back and sacrificed four of us as a result. When we went to pull one back, we unintentionally overweighted one side of the raft, slid into a rock and went tumbling. I took out my poor partner and then ended up under the raft. Luckily I'm a good swimmer, used to be a lifeguard and took sailing classes, because otherwise I would have panicked and probably died right there. After tumbling in the surf, I came up toward the surface and there was yellow and no air. So I pushed myself along the raft, figuring I'd end up on one side or the other sooner or later. In fact, that's exactly what happened. Only I ended up on the side of the raft that was butting against a giant rock. Not only that, everyone remaining on the raft was facing the opposite direction helping the others. I saw the rock, saw the waves, saw that no one knew where I was and panicked a bit. I yelled "hello I'm over here" several times before anyone heard me. Then they thought I was a bit nuts and panicking.

To that I say - no duh - I was being ignored, we're heading toward a huge rock and my head is in between the raft and it. Yep, I panicked. What amazed me though is that I didn't panic under the raft or when I tumbled. No, it was when I thought no one saw me or would help me. Of course on analyzing it after the fact, they would have seen I wasn't with the other three and looked around for me. Only I wasn't really wanting to see if we hit the rock before or after they noticed I was somewhere else.

The rest of the day was beautiful and uneventful. Great rapids and loads of laughs. Of course we got drenched - not just from the rapids, but also from the downpour we encountered just before exiting the river.

The festival was soggy but cool. Lots of folk music, great food, and cool items being sold. I saw a lot of people camping and hanging out. It kind of reminded me of the atmosphere you'd find at pre-Grateful Dead concerts.

I've posted some pictures on my MySpace page.


Monday, July 16, 2007

What goes around...

There's a saying: "What goes around, comes around"

When you treat people well, eventually you will reap the rewards that go along with being kind, honest, sincere and hardworking. I just saw, first-hand, how this can play out.

We have a client for whom we've been working long hours to try to finalize their financial statements. They know how much time we've put into the project because we've kept in touch with them throughout the process. They've received status updates regularly and have been very easy to work with. In a recent phone conversation when discussing an upcoming meeting, our client mentioned that, since he's done with his end, he's not sure what to do with his day. My dad's response..."Take a day off buddy. You deserve it. Go play golf."

Now my dad doesn't make a habit of calling anyone buddy, outside our immediate family. Yet, he has built a relationship with our client that is more akin to friendship than just mere colleagues.

That brief exchange reminded me why I work here...I'm treated well, just as every one of the team members and each client is. Being respected and made to feel part of a team is a great way to encourage staff to put in the extra hours willingly.

Disclaimer: In case I haven't mentioned it before...I work for my dad, John Guelcher, founder and partner in K2S.
