With the inherent stresses that come with running a business, there is often little time to digest the complex intricacies of security software. According to recent studies many business owners eschew the notion that their digital assets may be vulnerable to attack. Although an attack or infection can be potentially catastrophic, many believe damage caused by viruses, hackers and worms only happens to others. They consider their data to be of little use or value outside of their organization. Even executives that acknowledge the existence of these hazards seldom have the time or the budget for security audits and/or an overhaul of their workflow procedures to comply with best security practices.
Below are a few simple tools, tips and guidelines that can help your business take a proactive approach to data security. By implementing the following, your business data will be less susceptible to financial damage caused by accidents and malicious attacks.
REGULARILY UPDATE YOUR SOFTWARE
Although valiant efforts are often made to write safe software, the fact is that no software is ever bug-free. Hackers exploit these bugs for a variety of reasons including fun and money. It is critically important that your software is updated on a regular basis. Most operating systems, firewall and antivirus can and should be configured to receive regular updates.
Update MS Windows visit: windowsupdate.microsoft.com
Update Mac OS visit: http://www.apple.com/support/
Firewalls separate one network from another and are frequently used to separate a companyâ€™s internal network from the Internet. Firewalls not only mask the identity of the individual computers behind them, they also examine and filter potentially damaging data entering or leaving the network. It is good practice to install both perimeter and client-side firewalls.
Some firewall providers include:
INSTALL ANTI-VIRUS PROTECTION
Hundreds if not thousands new malware programs are released each month. These include viruses, worms, Trojan horses and host of other programs. Symptoms of infection range from the annoying to catastrophic. Because viruses can slip through firewalls posing as a legitimate email or program, installation of client-side anti-virus software is important. Install only the latest version of your chose antivirus program and make sure to regularly update and scan your system.
Well established anti-virus providers include:
-Panda Software: www.pandasoftware.com
PROTECT THE CONTENT OF YOUR SENSITIVE FILES AND EMAIL
Email doesnâ€™t have to be a public announcement, yet private messages often turn out to be. Email and files containing sensitive business information such as strategic plans, contracts, financial information, designs and more all too often spread beyond the individuals they were intended for. According to a recent report by the Computer Security Institute loss of proprietary data was the third leading cause of financial damage to organizations last year.
To mitigate this problem consider using rights management software to protect your sensitive business data. Content rights management software not only encrypts files, but also serves to enforce access and limit usage privileges such as forwarding, editing and printing. These protections are persistent and remain with your files no matter where they travel. Any business that frequently exchange medical, financial, legal or design data should make regular use of encryption and content rights management technologies
Some established providers include:
-Essential Security Software: www.essentialsecurity.com
-Microsoft IRM: www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
ESTABLISH A PERIODIC BACKUP STRATEGY
Periodic backups are required to ensure business continuity in case of an accident such as a hard-drive failure or attack. In a networked environment full and incremental data back-ups can be programmed to take place at regular intervals. Small offices environments should backup their sensitive data external hard-drive or cd at least once a week. It is good policy for companies to back-up email as well. Back-up data should be stored off-site in a secure location. Be sure to test your backup processes to ensure that indeed your data can be restored lieu of an operational failure.
Secure off-site data storage providers:
-Iron Mountain: www.ironmountain.com
-First Backup: www.firstbackup.com
USE STRONG PASSWORDS
Passwords are used to authenticate the identity of an individual user. Unless otherwise protected, once a password is broken your sensitive data is exposed. With free software that is readily available on the web, most passwords can be broken in a number of minutes. These programs often use known words and phrases to break passwords frequently beginning with â€œpasswordâ€ and â€œadminâ€. For good password security use a combination of upper-case and lower-case letters, numbers and symbols (i.e. eR8>!tJd ). Make sure that your employees memorize their passwords and that these are not written down anywhere on premises.
HIRE A SECURITY CONSULTANT
While tips in this article will help your company to be more secure; every business is different and requires its own security strategy. Consider hiring an independent security consultant to asses your individual security situation. They will be able to help you create a comprehensive security policy that will meet your business needs.
EDUCATE YOUR EMPLOYEES
No security plan is effective unless followed by your employees. Measures can be taken to severely limit their privileges such as browsing the internet, reading email, or preventing the reading of files from USB drive or cd. However, draconian security measures can interrupt workflow and damage productivity. A better policy is to limit some user privileges while educating your employees about your companyâ€™s security policies.
About the Author
Mr. Price, a co-founder and organizing shareholder of Essential Security Software, serves as the companyâ€™s Product Marketing Manager where he is responsible for global marketing, new product and service development, and strategic partnerships. Zachary has authored many security related articles which have been published in a wide variety of magazines, newsletters and websites