Whether you are Microsoft, the Federal Government, VISA or just a small business, without proper planning, you can be a victim of a network security compromise.  While you always here about the high profile cases, there are daily network security failures taking place in today’s networked environments that never get reported.  According to the 2004 Computer Crime and Security Survey conducted by The Computer Security Institute & FBI, companies sustained losses of $141,496,560 in 2004 from computer security incidents.

There was a time when only large companies worried about network security breaches.  However, in this new world where everyone from the home user to the large corporation relies on technology for functions that range from email to the storage of sensitive data, it seems no one is immune to the havoc that viruses, worms, spyware and hackers can wreak.

So, what's a small business to do?  How do you keep your company's network secure?  Most small businesses do not have a specific IT budget set aside, much less a certain percentage allocated toward network security.  Yet the failure to have a secure network can cost a company far more than it would have ever spent on security.  Further, there are three things that every small business should know to reduce its chances of becoming another network security statistic.

Your employees are your biggest risk and asset.

• Almost 80% of all security breach incidents occur from within an organization.  Most often it is the seemingly innocent daily actions of employees which may put you at risk. Consider the email with an attachment that is opened, launching a company-wide virus within minutes.  Employees who are web-surfing on sites that are not reputable.  Employees who take work home, work on it using a home computer which has a virus, and bring it back to the office on Monday to add finishing touches.  One of the worst offenses is that sticky note with a user name and password on an employee's computer screen.  How many people walk by and read that username and password (visitors, janitors, service people, even other departments).

• It is necessary to create a company culture of vigilance.  The first step is awareness.  Educate employees about the risks.  Instruct them not to open emails and/or attachments from unknown sources.  Reduce non-business web surfing by implementing "acceptable use" policies, and reinforce them.  Internet content filters are great ways to prevent non-business web surfing without having confrontations with employees surfing habits.

There is no fool-proof method to ensure total security without unplugging your connection to the internet.

• Given the frequency with which new viruses are introduced, it seems impossible to keep up 100% with the constantly changing threats.  Symantec’s semi-annual Internet Security Threat Report for the first half of 2004, found over 10,000 malicious programs that could infect a Windows PC.  There will always be new threats.  The important thing is to have a plan in place for dealing with them.

Back to the basics: What every small business should have for a more secure network.

• Passwords that change on a regular basis and are not intuitive.

  • The National Cyber Security Alliance recommends using hard-to-guess passwords that are at least eight characters long and mix upper case, lower case and numbers. Don't share your password with anyone and change it at least every 90 days.

• Up-to-date anti-virus software on all workstations and servers.

  • Since new viruses are created every day, it is essential to have anti-virus software that can be updated regularly to protect against the latest threats, preferably automatically updated to every workstation from your server.

• Firewall with strong traffic policies to prohibit and allow communication.

  • Firewalls provide protection between your computer and the world.  They filter and block potentially dangerous and unauthorized data from the Internet and also let "good" data reach your computer.  There are two types of firewalls: software and hardware.  Software firewalls run on individual computers while hardware firewalls protect several computers at once.  The size and needs of your company determines whether you choose one or both.

• Email anti-virus and SPAM filters.

  • Using filters to intercept email viruses and SPAM is an important way to protect your network.  There are two types of email viruses: those that are enabled when opening an email attachment (i.e. the LoveLetter virus in 2000) and those that run automatically regardless of an attachment (such as the Nimda virus).  An email anti-virus filter will catch incoming messages that contain viruses and stop them in their tracks.  Typically you will receive an email notification to let you know that a virus was detected and quarantined.

  • SPAM is one of the biggest wastes of bandwidth and time in your company.  A SPAM filter separates unsolicited emails from those that are legitimate, placing the unsolicited messages in a separate folder or deleting it.  There is always the risk that the filter may block messages that are legitimate, so it is essential to develop the right mix of protection.  Most SPAM filters permit you to specify which emails you want to receive in your inbox based on a list of email addresses that you specify, often called a "white list".

• Anti-Spyware Technology

  • Spyware, by definition, is "any technology that aids in gathering information about a person or organization without their knowledge.  On the Internet, spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.  Spyware can get in a computer as a software virus or as the result of installing a new program. It gives advertisers information about your web surfing habits so they can target you for particular products.  Anti-spyware is software or technology that disables spyware so you can regain your privacy.

Conclusion:

While no one can guarantee complete protection from network security breaches, it is critical to be proactive and have contingency plans in place.  One of the more popular approaches to putting the right network security functions in place is outsourcing this function to professionals. According to Network World, the outsourced IT professionals help you save time, give you access to reports and audits, as well as expertise that may not be available in-house.  Bringing in the experts may be just what you need to get a jumpstart on the security of your network.  Digital Cowboy Computers partners with IDA Secure to make sure your network is safe and secure.