9 Steps to Better Security
As your business gets more dependent on technology, your computer becomes more targeted by hackers and others constantly on the prowl for vulnerabilities.
By Ramon Ray
Opinions expressed by Entrepreneur contributors are their own.
Some data security attacks are carried out by people who just want the challenge of breaking into a system. But most attacks have more malicious intent, such as stealing credit card numbers, social security numbers or other personal data for immediate financial gain. Hackers also steal corporate intellectual property, either to resell the information or on behalf of competitors.
To protect your critical information, here's an arsenal of must-have tools and procedures:
1. Anti-virus software is a must to ensure that viruses do not cripple your computers. It's not a question of whether you will get a virus, but when. Install the right software to block the virus and prevent it from infecting your computer system. Viruses should not be your only concern. Beware of phishing scams that make you think you are accessing your bank account when you are actually accessing a hacker's website that looks like your bank's. Many anti-virus products are bundled with anti-phishing and other security features.
2. Firewalls are one of the first lines of defense for your network and individual computers. Their job is to ensure that only information you authorize leaves and enters your computer system. Hardware firewalls are physical appliances that should be installed on the outer layer of your network, such as the entry point for your internet connection. Software firewalls should also be installed on every computer. Firewalls can't simply be installed right out of the box. For optimal security, they should be properly configured by a security expert.
3. Intrusion detection systems add a third layer of security to your network and help block malicious activity undetected by your firewall or anti-virus product. Some viruses, for example, are programmed so well that they appear to be legitimate traffic that should be allowed through your network. In reality, they are software that can bring down your entire network. Intrusion detection software (and/or appliances) can help detect this sort of attack as well.
4. Backing up data is something that many of us do not do enough of. Close your eyes and think what would happen if you came into your office tomorrow and realized all your data was erased. For many companies, this would severely cripple business. Backing up your data ensures that when data is lost, you can recover it. Backup solutions include backing up data to an online storage service, to CD or DVD, or to some other removable media, such as another computer or hard disk. Whatever method you choose, make sure you test the backup. What a shame it would be to back up data year after year, only to realize when you need it that the data is corrupted and unusable.
5. Wireless security must be at the top of your mind if your business is going to use mobile technology. As your salespeople in Maine are using a wireless internet connection, a hacker may be snatching their data from the air and stealing their credit card numbers. Your competition may be wirelessly accessing your network and downloading your customer records and quarterly sales data. It's important that the data on your mobile device is encrypted and password-protected, and that access to your network is limited to authorized users. Work with your wireless service provider to ensure your connection to the internet on your mobile devices is secure, and contact a security expert to configure secured wireless access to your network. When you remotely access your corporate network (wirelessly or wired), use a virtual private network (VPN) to ensure data transmissions are secure. A VPN locks your data into a virtual tunnel as it traverses the public Internet.
6. Application security is not talked about as much as viruses or phishing, but it's an equally important aspect of your total security solution. Maybe you sell shoes via a website and use an online database to handle the customer information and e-commerce transactions. The database or the e-commerce software might not be securely implemented. Maybe there is a "back door" security vulnerability that your programmer did not know about, and a hacker can exploit it to steal information. As you run your business using online applications or even applications on an internal computer network, make sure the application is secure and that unauthorized users do not have access to it. Good hackers have the patience and expertise to find even the smallest vulnerabilities in your online applications, so protect your business and your customers.
7. Biometric security uses a fingerprint, iris or other part of your body to authenticate who you are. It is a very good line of defense and can be used in addition to passwords for extra security, or in place of passwords. Most users have to remember several passwords in the daily use of their computers. Using the built-in biometric reader that comes with many notebooks is an easy and low-cost way to enhance corporate security.
8. Updating your software is another important and low-cost way to increase your security. Your operating system and web browser are two pieces of software that should be updated on a regular basis, as updates become available from your software vendors. For Windows users, you can set Windows to automatically download and update patches as they are released, or visit windowsupdate.com. On newer computers, the automatic updating is turned on by default.
9. "Social engineering" attacks: Educate your employees, customers and partners that they are the first line of defense. In The Art of Deception, Kevin Mitnick writes that many of his security breaches succeeded not by using technology, but by getting the right person within a company to give him the information he needed (used by itself or in combination with other information), such as passwords, account numbers or user names. By sweet-talking an unsuspecting secretary, for example, he could make her (or him) think he was the IT technician who needed a certain password. Alert your employees to never give out their user names, passwords or any other details unless they are absolutely certain who they are giving them to.