Security: Avoiding the Big Guys’ Mistakes

Posted by Jim Van on April 23, 2011 under data security, entrepreneur, security, small business | 3 Comments to Read

The IT Industry is FINALLY focusing on an issue that should have always been on the front burner: Security. And, with good reason: In the first two weeks of April, 2011 (this is being written in the third week of April), news headlines have revealed no fewer than 30 MAJOR breaches, affecting millions of consumers and businesses, exposing sensitive data to prying eyes.

Some of the cyberworld’s biggest repositories of data, including giant Epsilon, were breached, affecting 3 out of every 4 US consumers, and 6 out of every 10 US businesses. And the damage didn’t stop at the border: Canadian and other overseas consumers and businesses were also affected.

Several federal agencies have also experienced recent breaches, exposing not only taxpayer and government data, but also jeopardizing national security.

So, what gives?

In a word, policy, or lack of a good policy, anyways. Logicomm, my company, deals at the small business level, where the problem is severe enough, in spite of a more limited impact of a data breach. We find that nearly 80% of our clients have no cohesive data protection plan, no policy, and, most disturbing, nearly 60% don’t regularly back up their data. And yet, government and security statistics show that businesses that experience a data breach are 80% likely to be out of business in three years.

While the larger breaches get all the publicity and impact the most users, under the radar are the approximately 11,000 small businesses affected by data breaches every month. Some are minimal, while others are devastating for both the business and its clientele. And yet, a simple policy review could have prevented some 60% of those breaches from occurring, according to the Computer Security Institute, a non-profit industry association.

Some simple next steps:

1. Establish and enforce a solid data protection policy. Don’t let data leave the premises unless completely secure. Better yet: with all the remote software out there, you don’t need to let data leave the premises at all.

2. Establish a solid data backup plan. Don’t keep your backups on site. Best to use a service that backs up your data securely online, at a remote location. Make sure you use a reputable company.

3. Limit access to data on a need-to-know basis. Why should everyone in your company have access to all your client and work product data? It’s fairly simple and nearly cost-free to establish password-protected directories on a server or other system where data is stored. According to the Dept. of Homeland Security, doing this will cut your risk of a breach by nearly 50%.

4. Keep your security software up to date, and use a solid anti-virus program. Sure, Norton comes with the computer, and it’s ok for home use, but if you’re in business, and are storing business data, you need a business-class software application, such as Kaspersky Pro, Trend WFRM, Esec or the like. Talk to an IT professional (ahem) who keeps track of the best in class at that point in time. For example, Logicomm includes security software in our maintenance subscription, and in the past year, we’ve changed vendors because a better application came along. We study these things and subscribe to several security testing reports annually to ensure that our clients are protected by the best solution currently on the market.

5. For some heavier users, a firewall solution is recommended. Software-based firewalls are relatively inexpensive and highly effective at isolating external threats, including phishing, email-borne viruses, and service attacks. Again, you should consult a qualified IT professional rather than deploying a firewall on your own. In all likelihood, you’ll save money and deploy the right solution.
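
A check for step 3, as an added example that is not part of the original post: it assumes the data sits on a POSIX file server (Linux or macOS) and reports every file or folder that accounts outside the owning user and group can read or change. The function names and the sample folder tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_need_to_know(root):
    """Return sorted (path, problem) pairs for entries under root that
    accounts outside the owning user and group can reach."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits say nothing about access
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            elif mode & (stat.S_IROTH | stat.S_IXOTH):
                findings.append((path, "world-accessible"))
    return sorted(findings)


def demo():
    """Constructed sample tree: 'payroll' is restricted to its owner and
    group, 'clients' was left open to every account on the server."""
    layout = [("payroll", 0o750, 0o640), ("clients", 0o755, 0o666)]
    with tempfile.TemporaryDirectory() as root:
        for folder, dir_mode, file_mode in layout:
            folder_path = os.path.join(root, folder)
            os.mkdir(folder_path)
            file_path = os.path.join(folder_path, "records.csv")
            with open(file_path, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(file_path, file_mode)
            os.chmod(folder_path, dir_mode)
        return [(os.path.relpath(p, root), why)
                for p, why in audit_need_to_know(root)]


if __name__ == "__main__":
    for path, why in demo():
        print(f"{why:17} {path}")
```

Point `audit_need_to_know` at the real data share and tighten anything it reports until only the people who need a folder are in its owning group.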

  • Anna S. said,

    On that note: I recently purchased some items at a local crafts store. Not a big purchase, but I used my debit card.

    On last night’s news, there was a story that the store’s card readers had been compromised, and that those of us who had made purchases over the past couple of weeks should contact our banks and change our PIN numbers immediately.

    I’m getting more nervous by the day about using plastic for ANYTHING!!!!!

  • Nora Alquire said,

    It certainly seems to be an almost daily news item, about all the companies that have their data (actually OUR data) compromised…

  • admin said,

    Anna: I saw that story on the news. How sad. Even sadder are the stories about data breaches that have affected millions of us, multiple times! One has to wonder just how serious the e-commerce industry really is about security, eh?

    And, Nora, you’re right. I watch (or listen to, actually) a lot of CNBC (a US Cable Financial channel) and it seems to be at least a weekly headline….the native Americans used wampum….maybe we need to learn from them and revert:)
