Small Business Technology: Learning To Deal With Internet Threats

By David A. Shaffer



Important business information is compromised daily by the many threats that are being engineered by the hacker community. For example, the popularity of e-mail worms reached epic proportions in 2001 as evidenced by CNET News.com proclaiming 2001 as the “Year of the Worm.” Traditionally, small business has been the most susceptible to these threats. Just as these smaller companies are more likely to ignore proper software licensing due to a lack of education, they are more likely to ignore proper data security due to what is perceived as a non-threatening situation. Or they perceive it to be an unnecessary expense compared to IT dollars that need to be invested into infrastructure or equipment upgrades. There are many affordable countermeasures that smaller companies can and must take to secure their valuable data and intellectual property.

There are five different pieces that comprise a data security program: policy, awareness, risk assessment, technology and process.

We should focus on the importance of awareness and how it is the most critical piece to the success of the security program. Once we have established awareness, and are aware of the risks, there are technologies that can provide a defense in depth against Internet attacks.

One of the most well known tools is an antivirus program. This software is quite common but is rarely updated to insure its effectiveness. Virus scanning programs are only as good as the last time they have been updated. Especially in companies without dedicated information technology staff, computer users rarely update virus programs even when there is a mechanism to do so. The answer? Make the updates automatic and transparent to the computer user. Enter corporate versions available from the most reputable antivirus companies. These applications run on a machine with Internet access and can deliver updates to the workstations automatically. When these are installed and configured correctly a business has established a reliable barrier to help protect their information.

Many small businesses are currently looking for broadband Internet connections in the form of DSL, cable or dedicated T-1. This affords the company a dedicated “always-on” connection to the Internet. Every dedicated Internet connection requires a firewall or device which combats the most common type of attacks a hacker might employ to gain access to your computer systems or prohibit others from accessing your system. Important point — many telecomm companies will use a router device to deploy connectivity to the office and will tell you that it has a firewall built in. To a degree this is true, but the firewall technology used is usually the most simple to expose and compromise. Make sure a dedicated firewall device is used in combination with the router. As an example, a firewall that will provide defense against most Internet threats for an office of 10 people could be as affordable as $400. For 50 people that price might move to $1,000. What’s more, some of the firewall products available today administer all of the antivirus applications from the firewall itself, thus reducing the operational expense. The cost of recreating valuable data is exponentially more expensive than the cost of taking defensive measures. Once again, the adage “An ounce of prevention is worth a pound of cure,” rings true.

If the security community and its advocates reach out to the small business owners and managers and strive to educate them about the importance of company security and security training, it will help prevent the rapid replication of Internet threats from hacker and virus engineers. With the vast majority of companies comprising the global economy being of the small business variety, education and training are the keys to controlling these threats and raising the productivity and revenues of all those concerned.



David A. Shaffer, MCSE,GSEC, is president of Tier One Technology Partners. He can be reached at 800-431-2282 or davids@tieroneIT.com.