Solution Provider Alliance Offers Small-Business Security Tips
The ITSPA survey, which polled the group's own members, indicated that solution providers spent nearly 25 percent of their professional time resolving security issues for small businesses. Members also said that on average, their clients have been hit by hackers or viruses more than seven times in 2004.
"According to ITSPA research, SMBs are more vulnerable to security attacks than larger companies," ITSPA President Russell Morgan said in a statement. "Although SMBs are not attacked as often as large companies, they are very vulnerable when massive computer attacks take place such as worm or virus outbreaks. Also, security at large companies is much better than in the past, which encourages hackers to view SMBs as an easy target."
The organization has issued ten tips to help small to midsize businesses protect their computers and systems:
- Install anti-virus software and update it regularly. This software scans incoming emails for virus signatures and, if a virus is found, deletes or quarantines it. It's critical to update this software regularly with new definitions because there are hundreds of new viruses each month.
- Keep your office computers safe. Not all computer problems start with viruses and hackers; some originate with unauthorized computer users. Make sure office computers are protected by locating them in secure areas. Log serial numbers to ensure computers can be identified if stolen, and etch these numbers--as well as company information--on hidden areas of the computers.
- Set up an Internet firewall. This is your company's first line of defense and protects your local network from outside attacks by screening and blocking all traffic between your network and the Internet that isn't allowed. The firewall also hides computer addresses and makes them invisible to outsiders. Installing a hardware firewall is simple as it connects between the cable/DSL modem and computers on your network.
- Strong passwords are best. It's hard to remember passwords, but why make it easy for hackers by using weak or simple words? Never devise passwords based on your real name, username or company name, or use easily-guessed numbers such as 1234. Change your password at least once a month, and use passwords that are eight letters or more in length with lower- and upper-case letters, numbers and symbols.
- Download computer updates regularly. Older computer systems, such as Windows 98 or 95, should be discarded in favor of Windows XP Professional, which is more robust and secure. Security updates are downloadable at office.microsoft.com/officeupdate. Sign up for Microsoft Security Update, a free e-mail alert service designed for small businesses that tells you when to take action and what software to download.
- Teach employees to safely use e-mail. The first rule of thumb is never open suspicious or unsolicited attachments. Avoid responding to spam, too, especially to links that claim you will be removed from the spammer's mailing list. The second rule of thumb is never provide credit card numbers, passwords or personal information in response to e-mail messages. Finally, check regularly for e-mail updates and be sure to install anti-virus software.
- Make wireless networks secure. Because wireless networks, known as 802.11 or Wi-Fi, use radio links instead of cables to connect computers, they are more vulnerable to hackers. Easy-to-buy tools allow hackers to listen in or transmit data on your network. Several encryption technologies, such as Wi-Fi Protected Access, are available to prevent such eavesdropping.
- Get security help from a solution provider. Although there are perhaps 100,000 IT solution providers nationwide, not all are knowledgeable or experienced in security services. Before hiring a solution provider, ask it to document its level of security expertise. At a minimum, the company should have a Certified Information Systems Security Professional (CISSP) on staff. Ideally, the company will also have a Microsoft Certified Systems Administrator (MCSA) on staff. Finally, look for solution providers that have a CompTIA Security+ Certification, which measures security competencies.
- Perform quarterly security assessments. Have a reputable IT solution provider ensure that any current computer/network vulnerabilities are identified and remediated.
- Build legislative requirements into your security plan. Be sure your security plan includes appropriate legislative requirements associated with Federal Acts such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA.