Online Business

Enterprise Security for Small Business.

Friday, April 16, 2010


Managers at small businesses may think enterprise security is an issue only for multinational corporations and massive government agencies. But Doug Jacobson, director of Iowa State University's Center for Information Protection, does not see it that way. "It's really everybody's business," he says.

As director, Jacobson closely monitors the rising number of digital threats to businesses. He believes managers at smaller firms have plenty to lose from network breaches: "A list of credit-card numbers is as important to a neighborhood dry cleaner as it is to a national retailer."

Typically, managers at startups and smaller companies relegate IT security concerns to the background. They usually focus instead on more immediate goals such as boosting revenue and market presence. But those plans can be derailed by a single network intrusion. Indeed, for small businesses, such breaches go beyond theft. They can lead to employee downtime, missed deliveries and lost sales.

First Step

Acknowledging the risk is the first step in creating a business that anticipates potential attacks. And that understanding must start at the top. Remember that there are management solutions to technical problems, but there are no technical solutions to management problems.

In the past, many small businesses have been able to get by on minimum security investments, but emerging technologies are rapidly changing the playing field. Innovations such as wireless networking (3G cellular and WiFi technologies), mobile devices (smart phones, PDAs and laptops) and portable storage devices (USB memory sticks and media players) are now exposing smaller businesses to increased security threats. "When technology becomes complex, it becomes fragile," says Jeffrey Camiel, director of technology risk management at Jefferson Wells International, a professional services firm. "When you have fragility, you have higher opportunities for vulnerabilities."

To close the gaps, risk-sensitive businesses must maintain an arsenal of security tools. Network firewalls and access controls, which restrict system entry to only authorized individuals, constitute the first line of defense. "Constructing the firewall internal restrictions based on security best practices and usability is key," says Jacques Erasmus, director of malware research at Prevx, an antivirus software publisher.

Yet firewalls and access controls alone are not enough to shield networks and mobile devices. Cybercriminals tend to be a determined and persistent bunch. As they seek out potential victims, they use vulnerability-scanning software to probe networks for soft spots. Fortunately, businesses can use the same technology to catch weaknesses in their systems before hackers attack.

Managers at smaller companies also need to extend technical safeguards to desktop and laptop computers. While virtually all companies install antivirus programs on employee computers, few take advantage of other hacker-busting tools. At the very least, experts say, managers at small businesses should load antispam and antiphishing programs onto PCs and notebooks. These programs are widely available, often as shareware or freeware.

Neighborhood Watch

Although such programs are a must, software is only one part of the security solution. Consultants say businesses need to establish clear and consistent policies regarding the use of devices that might compromise a network. USB thumb drives, memory cards and MP3 players, for example, are often used by employees to transport or back up files. As thumb drives become more capacious and less costly (a 4GB thumb drive can be purchased for less than $25), employees are discovering all sorts of clever uses. Some are using them as portable hard drives or running stripped-down business applications on them, while others are installing arcade games.

But portable storage devices can easily become infected, allowing malware to slip undetected into network systems. Policies governing such rogue technologies are essential, but they should be developed only after managers have a firm understanding of the devices their employees are using and the risks they pose. "Businesses need to take a risk-management approach when creating security policies," says Scott Crawford, a research director at Enterprise Management Associates, an IT management consulting firm. "If you're not aware of the actual risks you face and the steps you can take to remediate them, your policies may not match reality."

The same can be said of employees. Many still have no clue that downloading from the Internet and using their portable storage devices can leave employers' networks vulnerable to intruders. Thus, security experts advise employers to educate their workers about important security issues. "All employees need to be aware of their role in protecting whatever the company considers to be important," Jacobson says, adding that security can be jeopardized by the most junior member just as easily as the most senior.

Training materials, which can come in many different forms these days, including brochures, newsletters, e-mails, seminars, webinars and videos, are the best way to deliver and reinforce that message. Offering a variety of information sources ensures that employees have access to vital security information. "There should be education on as wide a scale as possible on the importance of good security," says Sam Curry, vice president of security management at CA, a business-software provider. "The foundation of a good security program requires that the processes be in place to support the people and the technology."

Talk It Out

Whatever the medium, the message needs to be reinforced by two-way communication. The goal? Making sure an employee understands that a seemingly innocuous act (clicking on an e-mail attachment or downloading an MP3 file, for example) could expose an entire network to malware.

Managers must take the time to explain why certain practices are required, to answer employees' questions and to seek support in implementing and updating security policies. "Employee cooperation and active support is vital for success," says Curry, who suggests that companies advance security measures by tying the concept to the business as a whole rather than to individual projects. "This is a hard sell, but it will win in the long run," he says. "Look to your peers in the industry for examples of how to do this and have models that worked."

Of course, any network security plan must be flexible enough to accommodate new technologies and emerging threats. Policies should be assessed annually to help ensure that they are keeping pace with constantly evolving threats, or changes in the marketplace. For example, consumers are increasingly frustrated by the theft of customer information from corporate databases, a potential disaster to be avoided at all costs. But experts say there is a balance to be struck. While implementing a comprehensive IT security plan is a must in the digital age, bosses need to keep tabs on whether those security practices are actually impeding worker productivity. This applies to businesses with 20,000 employees or 20. "When it comes to companies, security is really size independent," says Jacobson. "Everybody needs to be aware of the threat, and be willing to pitch in and help."


April 17, 2010 at 8:45 PM

Interesting article. I think this is very timely.

Johnny Ray
http://www.sirjohn.us

http://www.sirjohn.org/bloglist
