Saturday, September 18, 2010

Protecting Your Business from Cyber-Criminals

I was recently invited to talk to a group of local business people about computer security for businesses.  It's an important topic because if your business is using computers for things like email, web browsing, accounting, online banking, inventory management, or payroll, you are almost certain to be a target of cyber-criminals. One recent study showed that an unprotected Windows computer taken right out of the box and connected to the Internet was typically hacked within 20 minutes.

Many business owners don't realize that as a business, you don't have the same legal protection as a consumer.  If hackers break into your business network and drain your bank account because you didn’t implement adequate security, your bank is under no obligation to reimburse you.  There are numerous stories of banks refusing to reimburse businesses that lost hundreds of thousands of dollars to cyber-criminals because they didn't take sufficient security precautions to prevent the thefts.

The small business owner who recognizes the threat of computer crime and takes steps to prevent hackers from breaking in is less likely to become a victim. Here are six things every business should do to protect its computer network:
  1. Use a firewall. This is the first line of defense for your system. Firewalls scan all traffic into and out of your network to block unauthorized access. There are two kinds of firewalls: software and hardware. Software firewalls such as Windows Firewall run directly on your computer. Hardware firewalls are separate boxes that sit at the junction between the Internet and your local network. While hardware firewalls might offer slightly better security, either is much better than the alternative of doing nothing. Your Internet Service Provider might include a firewall as part of their DSL or cable modem.
  2. Use anti-virus and anti-spyware software and keep it updated. A firewall won’t block every threat.  Anti-spyware software looks for programs that secretly enter your computer and collect bits of information about you. This could include such things as the websites you visit or the keys you type to enter a password.  Anti-virus software scans all your files, looking for known or suspected malicious code: viruses, worms, or Trojans. Although each differs in its details, all can be serious threats, and the anti-virus software scans for them all. Files considered threats are flagged so that you can quarantine or delete them. If you think the suspect file isn’t truly a virus, put it into quarantine. Otherwise delete it.  To be effective, anti-virus and anti-spyware software must be kept up to date.  New threats are constantly being released by hackers, and the best AV and AS vendors issue updates to detect the latest threats at least daily.
  3. Use highly secure passwords. What are the worst passwords? Here are a few of the most common: 123456, password, qwerty, letmein, abc123, and a few obscene words I won’t repeat here. Do a Google search on “worst passwords” and you’ll see a complete list. The best passwords are at least 14 characters long, don’t include any words found in the dictionary (including spelled backwards) and use a combination of uppercase and lowercase letters, numbers, and punctuation marks. Some sources advocate using a different password for every account and changing it regularly. At the very least you should use several different passwords for different kinds of business and personal accounts, and never share your passwords with anyone else. If anyone else learns your password, change it immediately.
  4. Keep your operating system updated with the latest security patches. If you use a Windows computer, turn on automatic updates or go to www.update.microsoft.com/microsoftupdate to install the latest updates. If you use a Mac, don’t assume you are automatically protected. Accept all new security patches when they are issued.
  5. Be cautious about opening email attachments and clicking embedded links. Most viruses infect your computer because you opened an email attachment. Don’t think an attachment is automatically safe just because it came from someone you know. Scan it with an anti-virus software program before opening it. For the ultimate in security, use a third-party provider to scan all your emails and block any viruses before they ever get into your network.  Also be careful about clicking on a Web link in an email. Rather than clicking the link, manually type the URL into your browser.
  6. Back up your data regularly. You never know when a hard drive will crash or your laptop will get stolen. Don’t wait for disaster to strike before you think about backing up your data. You can purchase a hard drive specifically for backing up your data or you can use an online service.  Just make sure you do it regularly—at least daily for business data.

While there can never be a 100% guarantee that you won’t be hacked, following all six of these steps will dramatically reduce the probability you will be a victim of a cyber-crime. If you’re not sure how to do all this yourself, consider contracting with an expert like TeamLogic IT (www.TeamLogicIT.com) to assess your vulnerabilities and take appropriate steps to correct them.
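
The password rules in step 3 (at least 14 characters, none of the common passwords listed, no dictionary words forwards or backwards, and all four character types) can be checked automatically when an account is set up. The following is an added example, not part of the original post; the word list and the four-letter minimum word length are constructed assumptions standing in for a real dictionary file.

```python
import string

MIN_LENGTH = 14  # minimum length given in step 3
# The common passwords named in step 3; a real check would load a full list.
WORST = {"123456", "password", "qwerty", "letmein", "abc123"}
# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"secret", "company", "summer", "dragon", "welcome"}
MIN_WORD = 4  # assumption: ignore very short words to avoid noisy matches

CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "punctuation": string.punctuation,
}

def check_password(password, words=SAMPLE_WORDS):
    """Return a list of (rule, detail) findings; an empty list means it passes."""
    findings = []
    lowered = password.lower()
    if lowered in WORST:
        findings.append(("worst-list", lowered))
    if len(password) < MIN_LENGTH:
        findings.append(("too-short", str(len(password))))
    # Dictionary words count whether spelled forwards or backwards.
    for word in sorted(w.lower() for w in words if len(w) >= MIN_WORD):
        if word in lowered:
            findings.append(("dictionary-word", word))
        elif word[::-1] in lowered:
            findings.append(("reversed-word", word))
    # Require uppercase, lowercase, numbers and punctuation marks.
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            findings.append(("missing-" + name, ""))
    return findings

if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ("letmein", "Terces-4-ynapmoc!", "xK7#qv!Zp2&mRt9w"):
        print(candidate, check_password(candidate) or "passes")
```

A password that looks complex can still fail: the second sample has every character type and 17 characters, but it is built from two dictionary words spelled backwards.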