The Weakest Link in Network Security Viruses and spyware threaten your data security--but carelessness can be an even bigger threat.

By Peter Alexander

Opinions expressed by Entrepreneur contributors are their own.

Your small-business network may be protected by firewalls, intrusion detection and other state-of-the-art security technologies. And yet, all it takes is one person's carelessness, and suddenly it's as if you have no network security at all.

Let me give you an example. In March 2006, a major financial services firm with extensive network security disclosed that one of its portable computers was stolen. The laptop contained the Social Security numbers of nearly 200,000 people. How did it happen? An employee of the firm, dining in a restaurant with colleagues, had locked the laptop in the trunk of a SUV. During dinner, one of the employee's colleagues retrieved an item from the vehicle and forgot to re-lock it. As fate would have it, there was a rash of car thefts occurring in that particular area at that particular time, and the rest is history.

The moral of that story is clear: No matter how secure your network may be, it's only as secure as its weakest link. And people--meaning you and your employees--are often the weakest link. It's important to note that poor security puts your business, as well as your partners, at risk. As a result, many enterprises and organizations, such as credit-card companies, now specify and require minimum levels of security you must have in order to do business with them.

So what can you do? Here are nine ways to minimize the risks that people can pose to the security of your company's data:

  • Password-protect your computers and mobile devices--particularly laptops. One basic step toward defending data is to require a password to launch Windows on a PC. It's not bullet-proof, but it's a start, and it's a particularly important first defense for portable computers.
  • Ideally, create a password that contains a mixture of characters and numbers and can't be easily identified with the primary user of a computer. For instance, the password 'Sam' on a computer belonging to an employee named Sam would be easily guessed. Instead, it's better to create a complex password mixing numerals and lower-case and capitalized letters, something that means something to you so you can remember it. Example: '2LgPepPz' would be a better password for Sam, particularly if he loves large pepperoni pizzas.

    For the best protection, passwords should be changed every three months. Users shouldn't share the passwords they create with anyone (administrators can still log onto a password-protected PC to perform diagnostics, system administration and other tasks).

    Another option is to use two-factor authentication. With a two-factor authentication system, you gain access to a computer using a password or PIN as well as an authenticator, a device (such as a smart card or USB device) that automatically changes your password every 60 seconds or so. Banks and other companies are increasingly moving toward two-factor authentication to prevent ID theft and other security risks.

  • Don't store passwords in unprotected areas. The more complex a password is, the easier it is to forget and you may want to record it somewhere. But don't store your passwords in, say, a basic Word or Excel file or on a sticky note on your monitor. Instead, there are inexpensive software programs available that let you manage and secure multiple passwords.
  • Consider laptops with biometric security. If you're in the market for a new laptop, consider one that comes equipped with a biometric fingerprint scanner. The scanner reads fingerprints and only allows access to files on the computer to a user with an authorized fingerprint.
  • Encrypt confidential files. Another way to protect sensitive data is to encrypt the files containing that data. Encryption scrambles data so that only an authorized user can access it. You can encrypt files using built-in tools in Windows XP Professional (but not XP Home), though some third-party applications offer more--and sometimes stronger--encryption tools.
  • Whenever possible, don't carry confidential data on a portable device or removable media. For maximum security, keep sensitive data off laptops, PDAs, BlackBerrys and other portable devices. As illustrated by the financial services firm example, if the device is lost or stolen, so is the sensitive data the device contains. If you must physically transport sensitive data, consider storing it only on an encypted flash-memory USB drive. Store the drive in your pocket and not in the laptop bag, so that you'll still have it if the laptop is stolen or lost.
  • Lock your laptop when traveling. Like bicycle locks, laptop security cables (costing $20 and up) allow you to physically secure your portable computer to a post or other stationary object. Most current laptops have a standardized security slot, into which you insert a locking device, which in turn is attached to the cable. For example, if you're leaving a laptop in a hotel room that doesn't have a safe, you could insert the locking device into the portable PC's security slot, then wrap the cable around the narrow base of the bathroom sink. Portable laptop alarms are also available that emit a loud sound when your laptop is moved, which is helpful when waiting for the plane or other crowded area.
  • Stay up to date. Keeping apprised of new tools and technologies can help you continue to bolster the security of your business's data. For instance, new software utilities allow you to remotely erase all data on a lost or stolen smartphone just by sending a text message to the phone. And in recent months, new laptop hard drives have become available that automatically encrypt all data.
  • Be vigilant. Above all, you and your employees must stay on guard to protect sensitive data. To help keep everyone on their toes, post signs above shared printers and fax machines, reminding users not to leave sensitive documents lying around. Place paper shredders near recycling bins or other common areas and encourage employees to use them.
  • Create and enforce a security plan. Last, but not least: Your business should have a detailed, written security plan for employees that includes specific policies and procedures--including many (if not all) of the steps listed above. If security procedures aren't in writing, it's far too easy for employees to use the "I didn't know" defense. And a security plan only works if it's enforced and kept up-to-date.

To devise a security plan, you may want to consult your trusted IT advisor. Also, your network vendor may provide online tools that can help you create a security plan. For example, Cisco Systems offers the Cisco Security Policy Builder, an online tool that can help you create a security policy tailored to your business's specific requirements. Based on your answers to questions posed online, the tool will create a customized security policy template as a Microsoft Word file and e-mail it to you.

The Alternatives? Lost Business, Lawsuits and More
Does all this sounds like a lot of trouble? Of course it does. But imagine what would happen to your business if all your customers' credit-card information was stolen--simply because an employee left a laptop containing that data in an unlocked car? At a minimum, you risk angering and losing customers.

Also, many small businesses, particularly those in financial and health-care services, must comply with regulations that mandate information security. One stolen laptop, and your business could be faced with heavy penalties due to non-compliance.

In short, better safe than sorry. So get on the phone with your trusted IT advisor and start creating your detailed security plan today. You'll sleep better tonight.

Peter Alexander is vice president of worldwide commercial marketing at Cisco Systems Inc., the leading supplier of networking equipment and network management for the internet.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Science & Technology

This AI is the Key to Unlocking Explosive Sales Growth in 2025

Tired of the hustle? Discover a free, hidden AI from Google that helped me double sales and triple leads in a month. Learn how this tool can analyze campaigns and uncover insights most marketers miss.

Business News

'We're Not Allowed to Own Bitcoin': Crypto Price Drops After U.S. Federal Reserve Head Makes Surprising Statement

Fed Chair Jerome Powell's comments on Bitcoin and rate cuts have rattled cryptocurrency investors.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

A New Hampshire City Was Named the Hottest Housing Market in the U.S. This Year. Here's the Top 10 for 2024.

Zillow released its annual lists featuring the top housing markets, small towns, coastal cities, and geographic regions. Here's a look at the top real estate markets and towns in 2024.

Thought Leaders

Are You a Small Business Owner or an Entrepreneur?

The fact is, all business owners are entrepreneurs.

Business Ideas

Is Your Business Healthy? Why Every Entrepreneur Needs To Do These 3 Checkups Every Year

You can't plan for the new year until you complete these checkups.