Wednesday, November 14, 2007

Practical Cybersecurity Advice

Practical Cybersecurity Advice for Small Businesses

Just because your business is small, it doesn't mean you are immune to Internet threats. The number of attacks on small businesses is growing, leaving many business operations in a state of disarray.

If your small business is like many, it is extremely dependent upon technology and electronically stored data. Many of the steps you need to take to secure your information infrastructure won't cost your business money, or even much time.

The following are practical considerations and security precautions you should take to maintain the security of your information assets.

  • Use Strong Passwords — Passwords are the most common method of authenticating users to provide entry into a computer system. Cracking passwords is a way hackers can gain unauthorized access to your computer network. For that reason, you need a strong password that is hard to guess. A strong password is at least eight characters and includes a combination of lowercase and uppercase letters, digits, and symbols. Sometimes trying to integrate that combination can create some not-so-easy-to-remember passwords. Here's a tip that might help create a more memorable password: Try replacing S's with dollar signs ($) and O's with zeros (0). Require users to employ a different password for each service or system they are accessing, and make sure everyone changes passwords every 45-60 days. And finally, do not write down passwords and leave them lying out in the open.
  • Be a Smart Email User — Email is fraught with potential security risks—in fact, most security threats are spread by email. Even if you have an antivirus solution in place, occasionally an infected message will manage to get through. To avoid infection, you should never use the preview pane function in your email program, never open attachments in emails from unknown senders, and even if you recognize the sender, you should still scrutinize the attachments before opening. If the attachment ends in an unusual extension, do not open it. Spam is also a prevalent problem and for that reason, you should never open junk mail. Do not reply to unsolicited emails, even if you are trying to unsubscribe—this only lets the spammers know that you have successfully received their message so they will continue to send more spam. Also, be on the lookout for phishing scams—emails that look like legitimate messages from places such as banks and that try to get you to divulge your personal information. Do not perpetuate spam by forwarding virus warnings and chain letters you receive via email.
  • Be Alert When Browsing the Web — Be careful and alert when you are on the Internet—otherwise you could expose your business to unnecessary threats. Enable the security settings on your Web browser—you can usually find these settings in the Preferences menu. Do not enable file sharing, which can open the door to viruses and intrusion. You should also be very cautious when giving out personal information online. Even if a Web site claims to be secure, if you don't see a small padlock or key icon in the toolbar and the page's URL begins with http: rather than https:, do not provide any sensitive information. That's because the page is not secure, and the information you provide will not be encrypted and is thus vulnerable to interception. And whatever you do, do not click on any pop-up advertisements.
  • Use Antivirus Software — Antivirus software is still the best way to stay protected against today's viruses, worms, and Trojan horses. Antivirus software should be installed on all servers, desktops, and laptops—including devices used to make remote connections to your network. Remember, simply having the antivirus installed is not enough—for maximum protection from the latest threats, you should check for new virus definitions daily, and also perform weekly system scans.
  • Use a Firewall — Think about all of the important and sensitive information that lives in your small business network. Did you know that whenever you connect a computer to the Internet, a pipeline directly into your network opens up? Without a firewall, you are putting that information at risk. A firewall is essentially a protective wall around your network that keeps the information inside the network private and secure by constantly monitoring all data flowing in and out, looking for irregularities or signs of trouble. Be sure to use a network firewall, and also install a personal firewall on each computer. If you or your employees are accessing your network remotely, make sure the remote devices are equipped with a firewall because they will not be protected by the network firewall. Firewalls are available as software or hardware, and although they perform almost the same function, every small business should have both kinds.

Excerpts from Symantec Small Business Library.

 
