The View From Here

Wednesday, May 16, 2012

Where do you draw the line on securing your business against cyber threats?

Your small business needs some kind of protection against cyber threats, but how do you know what to use or how much money to spend?

As it turns out, the solution lies in answering a few simple questions.
  1. Do you have a network? This can be wireless or wired, but basically, if you have more than one device connected to other devices, then you have a network.
  2. Do you have electronically saved information about your staff? Specifically, do you use software for payroll or timekeeping and have employee banking information or social security numbers?
  3. Do you store sensitive client or customer data? In other words, do you keep credit card numbers, personal identification information (i.e., social security numbers, dates of birth), or other information your customers would not want shared with the outside world?
  4. Do you develop or invent anything? Is your company creating intellectual property or items that will be patented or copyrighted?
  5. Do you deal with sensitive documents? This is especially important if you work with internal information for your clients that should not be shared with anyone outside your organization.

Now, depending on how you answered these five questions, you can pick the solution that’s right for you. You see, it’s really about minimizing risk and employing solutions that make sense for a business of your size.
 
There are several items all businesses will want to invest in or turn on, no matter the size:
  1. Some way to connect to the internet. If you aren’t using the internet to build your customer base, you’re missing an opportunity.
  2. Data backup. All of your files and documents are important and need to be backed up. There are several free online vendors like Mozy or IDrive or you can use a file-sharing service like Dropbox or Google Docs to save your important information.
  3. Windows Firewall. Turn this on. It’s easy and comes pre-packaged with Windows.
  4. Anti-virus. Keeping your computers free from viruses is an on-going challenge. Products like McAfee and Norton are well known and popular. A less expensive (free) option is Microsoft’s Security Essentials, which does a good job of protecting against viruses.
  5. Maintenance Contract. You should build a relationship with a reputable computer repair company. Many of these companies will allow you to sign up for a maintenance contract that stipulates a number of hours available to work on your computers. Under the contract, there is usually a discounted hourly rate.

For everyone beyond a small business or shop who has multiple computers and a network, you need more than the basics. The following solutions are based on increasing risk-level and build on each other. If your business answered yes to all five questions, then you’ll want to look into investing in all of these solutions.

A switch. A switch is a device that allows you to connect multiple computers, printers, copiers, fax machines, or other equipment to each other and then to your modem. It acts as a control center for your network. It also will help protect your network from outsiders. When it is installed, make sure you change the default password. Cyber-criminals all know the default passwords, so a device that still uses one won’t be protecting you.

Internet monitoring. You should know who is trying to log into your network and what your employees are doing on company time. The first part of this can be implemented by using the log system built into a switch or firewall. These can be set up to send you information daily, weekly or monthly. You should review the file that is sent to see if there are any patterns. Once you have an idea of what the traffic trying to get into your network looks like, you can monitor it by seeing if the number of attempts goes up or down. Internal monitoring begins with a good Internet Use Policy. There are many available as templates online. At its simplest, looking at the browser history will give you a good idea of what your staff have been looking at while using company computers. In order to set up monitors that allow you to block certain websites, you will need to purchase either a software solution or an add-on to your firewall.
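The log review described above (counting blocked attempts and watching whether the number goes up or down) can be automated. The following is an added example, not part of the original post; the log line format, the sample data and the function names are assumptions made for illustration, since every switch or firewall writes its own format.

```python
import re
from collections import Counter
from statistics import mean

# Assumed line format (hypothetical): "YYYY-MM-DD HH:MM:SS ACTION src=IP dport=N"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ (ALLOW|DENY) src=(\S+)")

def build_sample():
    """Constructed sample log: a quiet week, then a jump in blocked attempts."""
    per_day = {"2012-05-07": 4, "2012-05-08": 5, "2012-05-09": 3,
               "2012-05-10": 4, "2012-05-11": 14}
    lines = []
    for day, n in per_day.items():
        lines += [f"{day} 02:{i:02d}:00 DENY src=203.0.113.{i + 1} dport=22"
                  for i in range(n)]
        lines.append(f"{day} 09:00:00 ALLOW src=198.51.100.7 dport=443")
    return "\n".join(lines)

def denied_per_day(log_text):
    """Count blocked inbound attempts per calendar day, ignoring other lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "DENY":
            counts[m.group(1)] += 1
    return dict(sorted(counts.items()))

def flag_spikes(daily, factor=2.0, min_history=3):
    """Flag days whose count exceeds `factor` times the mean of all earlier days.

    The first `min_history` days only build the baseline and are never flagged.
    Days with no blocked attempts do not appear in `daily` at all.
    """
    days = list(daily)
    flagged = []
    for i in range(min_history, len(days)):
        baseline = mean(daily[d] for d in days[:i])
        if daily[days[i]] > factor * baseline:
            flagged.append((days[i], daily[days[i]], round(baseline, 1)))
    return flagged

if __name__ == "__main__":
    daily = denied_per_day(build_sample())
    for day, count in daily.items():
        print(day, count)
    for day, count, baseline in flag_spikes(daily):
        print(f"Review {day}: {count} blocked attempts vs. usual {baseline}")
```

Adjust `LINE_RE` to match the lines your own device exports before relying on the counts.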

Firewall/Anti-Spam. As your business grows, so will the potential impact of a security breach. A firewall is designed to protect your business from outside threats. Many firewalls are packaged with applications that will filter spam from incoming email along with filtering out potential trojans or other pieces of code that could be inserted in your network. A trojan, if in your network, could allow an outsider access to all of your network information and data. A solid starting point for small businesses is to look at products from Cisco or SonicWall for more powerful solutions or Barracuda or Netgear for less robust needs.

Advanced Data Backup. Your business, at some point, will outgrow the free online data backup solutions. At that point it’s important to look at both online and more traditional backup methods. Large capacity backup drives are relatively inexpensive and can be configured to run at designated times on a daily basis. You should back up your data daily. You should also make sure you remove your backup from the office in case of fire or other disaster. Ideally, you will use both an online backup solution and a physical solution, like a Seagate or Passport hard drive.

Document Management. If your business stores sensitive documents, whether client data or intellectual property, it becomes important to secure that information. A document management system allows you to monitor (or audit) the changes made to any document, see who has worked on it, allow only certain members of the staff to access it, and set other security features. Most management systems also add features like easy searches or collaboration abilities. These systems can be purchased from vendors who sell a stand-alone solution or bundle the product with copier/printers.

Cost. Ongoing costs include things like new anti-virus definitions, updates to software, online data backup fees, and any maintenance contract fee. These costs do not take into consideration the implementation, software or hardware costs. As far as costs go, for the smallest of companies with minimal risk, you should budget at least $100 per month for cyber-related issues. Once you invest in a network and a switch, you are looking at a monthly budgeted amount of $500. Adding increased data backup and a firewall raises your monthly budget for cyber security to at least $1,500 and as much as $3,000. Finally, once a document management solution is added, your monthly budgeted expense should be at least $7,500.

At these price points, the benefits you receive from minimizing cyber security risk will outweigh the cost.
