One of the largest challenges facing small and medium sized UK businesses is IT security. As a business becomes increasingly reliant on the data on its systems, it faces ever-increasing threats to the network and data integrity.
Everyone is aware of issues in the media regarding internet usage and security of our electronic data. These issues are almost the same; it’s just the scale of the solution and the cost that differs. So is it really an issue or are we just scare mongering?
The simple answer is yes, if you don’t take reasonable steps to protect it. Would you leave your home unlocked? Of course not, but this analogy holds true to computers and systems.
How do you ‘shut the door’ to your PC network?
Simple steps will effectively reduce the risk to an acceptable level - we must protect our data and limit the amount of risk, without spending very large amounts of money.
IT systems use a multi layered approach to ensure security, similar to methods used in banks. When it comes to protecting the money, banks place their highest security closest to the actual money, together with the front of house security.
This multi layered approach allows and encourages normal people into the bank, but in turn discourages the robber with a difficult path to the money.
So how does this really translate from IT speak into real world? Firstly email, we all use it, so it is important that we take steps to ensure the emails we receive are relevant to the business:
Spam
We need a device or a service from a provider that “cleans” our emails of spam, and removes viruses at the same time, ensuring what you receive in your inbox is relevant.
These systems aren’t 100% perfect, therefore any system implemented must be able to learn and needs to be simple to use/administer. We need to extend this protection to the actual PC as another layer in the form of a suite of software that blocks and inhibits spyware, viruses, etc.
This software needs to be adaptive to the threats, and it needs to talk to a central system with status information.
Our security doesn’t end there; we almost certainly have internet access at work, so we must take steps to protect our computer network and its data from the outside electronic world:
Firewalls
Firewalls are a device that stops the Internet from getting inside your computer network. These devices vary considerably in features and price and one size does not fit all!
Best practise would dictate a relatively simple (fast) device is placed closest to the internet to undertake simple security blocking tasks (like the front door to the bank), then closer to the users you would place a more complex device (like the bank vault) that can undertake a very fine inspection of information flowing in.
These complex devices can also inspect/block what is going out from your network, which can be a useful productivity and security tool if your staff are surfing the Internet at potentially unsafe web sites.
These devices and ideas are the starting point of formulating an IT security plan and policy, each business is unique and each requirement and its solution is different from the next.
Are the risks real?
Yes they are. The use of professionally written, intelligent and well executed viral code is becoming widespread.
Infections today are less openly destructive than they used to be as the writers now know that they can extract useful and valuable data that has a financial worth, like credit card details. Infected machines allow these people to undertake criminal activities such as money laundering, and allowing terrorism to be funded.
These attacks are not just limited to small time ad-hoc efforts; they can be streamlined targeted affairs for a particular purpose. This type of criminal activity is rapidly becoming mainstream; the number of detected viruses over the past two years is almost equal to all the viruses detected since they started recording such information!
The approach above is typically through email or web sites but we haven’t mentioned direct attacks i.e. “Hacking”. People try and exploit security weaknesses in your Firewall, computers or even people, they could attack your network via a home worker who’s PC is unchecked an insecure. They can also use a “blended” attack where they use a virus to allow backdoor access through your firewall and attack from within! There must be many security hurdles in place to thwart a determined hacker from gaining access to your network.
To put matters in to perspective it is all about what risk your business is willing to accept. This answer alongside your business type and what you do for a business will help determine the solution.
So how can small businesses maintain the highest levels of data protection?
Layer your security
It’s important to defend your business in depth. Use an integrated endpoint security solution and ensure your security patches are up to date. In addition, your antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops and servers should also be updated with the necessary security patches from the operating system vendor.
Consider deploying a personal firewall to help control network traffic to any of the endpoint devices that have to access your network. Also, make sure to enable the security settings on Web browsers and disable file sharing.
Additionally, teach users to develop strong passwords with at least eight characters and a combination of numbers, letters, and special characters. Recent research has shown that people tend to use the same passwords every time they go online and more than 1.7 million people are at risk of falling victim to internet fraud.
Ensure your business isn’t at risk by changing all passwords every 45-60 days to make it more difficult for intruders to access your data.
Spam is the leading source of malicious software entering networks today. Spam not only diminishes productivity, it also puts a strain on storage and bandwidth requirements. Deploy anti-spam technologies at the mail gateway to proactively protect your environment.
Implement a network access control solution
All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorised entry and malicious activity. Ensure any infected computers are removed from the network and disinfected as soon as possible. Also, create and enforce policies that identify and restrict applications that can access the network.
To ensure they have the latest protection, small businesses should apply operating system and security software updates and patches as soon as they are released. In order to protect against successful exploitation of Web browser vulnerabilities, upgrade all browsers to the latest versions.
Stay Informed
Several companies publish reports that help define the threat landscape for small businesses. These reports can be found on their websites or through online searches. This is a great way to stay informed about what you’re up against.
Don't forget physical security
There are a number of routine physical security tactics employees within smaller businesses can use to help strengthen their companies’ security defences. These include using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being mindful of the physical security of mobile devices and laptops, which are popular target for theft.
Back up your data
For any number of reasons – disaster, human error, hardware failure, and so on – your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data off site. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.
Everyone is aware of issues in the media regarding internet usage and security of our electronic data. These issues are almost the same; it’s just the scale of the solution and the cost that differs. So is it really an issue or are we just scare mongering?
The simple answer is yes, if you don’t take reasonable steps to protect it. Would you leave your home unlocked? Of course not, but this analogy holds true to computers and systems.
How do you ‘shut the door’ to your PC network?
Simple steps will effectively reduce the risk to an acceptable level - we must protect our data and limit the amount of risk, without spending very large amounts of money.
IT systems use a multi layered approach to ensure security, similar to methods used in banks. When it comes to protecting the money, banks place their highest security closest to the actual money, together with the front of house security.
This multi layered approach allows and encourages normal people into the bank, but in turn discourages the robber with a difficult path to the money.
So how does this really translate from IT speak into real world? Firstly email, we all use it, so it is important that we take steps to ensure the emails we receive are relevant to the business:
Spam
We need a device or a service from a provider that “cleans” our emails of spam, and removes viruses at the same time, ensuring what you receive in your inbox is relevant.
These systems aren’t 100% perfect, therefore any system implemented must be able to learn and needs to be simple to use/administer. We need to extend this protection to the actual PC as another layer in the form of a suite of software that blocks and inhibits spyware, viruses, etc.
This software needs to be adaptive to the threats, and it needs to talk to a central system with status information.
Our security doesn’t end there; we almost certainly have internet access at work, so we must take steps to protect our computer network and its data from the outside electronic world:
Firewalls
Firewalls are a device that stops the Internet from getting inside your computer network. These devices vary considerably in features and price and one size does not fit all!
Best practise would dictate a relatively simple (fast) device is placed closest to the internet to undertake simple security blocking tasks (like the front door to the bank), then closer to the users you would place a more complex device (like the bank vault) that can undertake a very fine inspection of information flowing in.
These complex devices can also inspect/block what is going out from your network, which can be a useful productivity and security tool if your staff are surfing the Internet at potentially unsafe web sites.
These devices and ideas are the starting point of formulating an IT security plan and policy, each business is unique and each requirement and its solution is different from the next.
Are the risks real?
Yes they are. The use of professionally written, intelligent and well executed viral code is becoming widespread.
Infections today are less openly destructive than they used to be as the writers now know that they can extract useful and valuable data that has a financial worth, like credit card details. Infected machines allow these people to undertake criminal activities such as money laundering, and allowing terrorism to be funded.
These attacks are not just limited to small time ad-hoc efforts; they can be streamlined targeted affairs for a particular purpose. This type of criminal activity is rapidly becoming mainstream; the number of detected viruses over the past two years is almost equal to all the viruses detected since they started recording such information!
The approach above is typically through email or web sites but we haven’t mentioned direct attacks i.e. “Hacking”. People try and exploit security weaknesses in your Firewall, computers or even people, they could attack your network via a home worker who’s PC is unchecked an insecure. They can also use a “blended” attack where they use a virus to allow backdoor access through your firewall and attack from within! There must be many security hurdles in place to thwart a determined hacker from gaining access to your network.
To put matters in to perspective it is all about what risk your business is willing to accept. This answer alongside your business type and what you do for a business will help determine the solution.
Data security tips for small businesses
Coinciding with Small Business Advice Week, Ross Walker, UK & Ireland Director of Small Business at Symantec, has provided Bytestart readers with some useful advice on how to protect business information, prevent data loss, and better manage critical business data. Smaller businesses survive and thrive precisely because they can be more flexible than larger companies. These smaller businesses are often able to make best use of remote access into the network (whether via VPNs on the PC or laptop or mobile devices) driving high efficiencies and high levels of staff productivity. Yet, at the same time, with a greater variety of devices access accessing the network there is an increased risk of security threat. Furthermore, these threats are getting much more sophisticated and the damage therefore much more difficult to control without the right processes and tools in place.So how can small businesses maintain the highest levels of data protection?
Layer your security
It’s important to defend your business in depth. Use an integrated endpoint security solution and ensure your security patches are up to date. In addition, your antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops and servers should also be updated with the necessary security patches from the operating system vendor.
Consider deploying a personal firewall to help control network traffic to any of the endpoint devices that have to access your network. Also, make sure to enable the security settings on Web browsers and disable file sharing.
Additionally, teach users to develop strong passwords with at least eight characters and a combination of numbers, letters, and special characters. Recent research has shown that people tend to use the same passwords every time they go online and more than 1.7 million people are at risk of falling victim to internet fraud.
Ensure your business isn’t at risk by changing all passwords every 45-60 days to make it more difficult for intruders to access your data.
Spam is the leading source of malicious software entering networks today. Spam not only diminishes productivity, it also puts a strain on storage and bandwidth requirements. Deploy anti-spam technologies at the mail gateway to proactively protect your environment.
Implement a network access control solution
All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorised entry and malicious activity. Ensure any infected computers are removed from the network and disinfected as soon as possible. Also, create and enforce policies that identify and restrict applications that can access the network.
To ensure they have the latest protection, small businesses should apply operating system and security software updates and patches as soon as they are released. In order to protect against successful exploitation of Web browser vulnerabilities, upgrade all browsers to the latest versions.
Stay Informed
Several companies publish reports that help define the threat landscape for small businesses. These reports can be found on their websites or through online searches. This is a great way to stay informed about what you’re up against.
Don't forget physical security
There are a number of routine physical security tactics employees within smaller businesses can use to help strengthen their companies’ security defences. These include using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being mindful of the physical security of mobile devices and laptops, which are popular target for theft.
Back up your data
For any number of reasons – disaster, human error, hardware failure, and so on – your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data off site. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.
No comments:
Post a Comment