Many small-business owners assume that large corporations are far more vulnerable to internet security threats than they are. In truth, however, it's often the other way around. For example, the destructive Mydoom worm affected one out of three small and mid-sized businesses--but only one out of six large enterprises, according to the Internet Security Alliance, a non-profit organization that provides a forum for information security issues.
Because they have a false sense of security and assume they're not at risk, many small-business owners don't adequately protect their computers and networks from spyware, viruses, worms, hacker attacks, customer data theft and other security threats. In addition, with so many balls to juggle already, entrepreneurs often put computer security far down on their to-do lists--if it makes the list at all.
The result: Nearly half of all small and mid-sized businesses haven't taken the most basic security precautions, such as installing antivirus and anti-spyware programs, reports research firm AMI-Partners.
Why You're at Risk
There are several reasons why your computers, network and the data that resides on them are at greater risk now than ever before.
- Enterprise network security is harder to breach. In recent years, many corporations, impacted by internet threats and in order to comply with strict security measures required by the Sarbanes-Oxley Act and other regulations, have significantly bolstered their network security. As a result, criminals are increasingly turning their attentions toward easier hacker targets--small businesses.
- Unprotected systems are easier to find. Many hackers now have software tools that constantly search the internet for unprotected networks and computers. Once discovered, unprotected computers can be accessed and controlled by a hacker, who can use them to launch attacks on other computers or networks.
- Computer security threats are more sophisticated--and more damaging. Spyware authors are busy creating pernicious programs that resist removal, perpetually mutate, and spread across the internet in minutes. Meanwhile, blended threats, which assume multiple forms and can attack systems in many different ways, are on the rise. Small businesses without adequate, updated security solutions can easily be victimized by these and other threats.
- Threats often come from within. All too often, security breaches don't come from outside the company but from within, either intentionally or unintentionally. For example, an employee may unknowingly download spyware while playing an online game or visiting a website. Small-business systems are more vulnerable to employee tampering simply because they often lack the internal security precautions of a larger enterprise.
- The resulting impact of a security attack is greater. Small businesses often lack the financial resources that large companies have to bounce back from security attacks. Suppose you're an online retailer and a hacker launches a denial-of-service attack against your website. Do you have the necessary insurance or funds to recover from the subsequent loss of revenue--not to mention the damage to your business's reputation?
What You Can Do
Fortunately, there are plenty of ways to protect your business from internet security threats.
- Change your thinking. Internet security should be a fundamental part of your business survival/continuity plan. Think of it this way: Many small businesses have grown reliant on the internet for communicating with customers and partners; selling or marketing their products or services; and more. How will your business continue to perform those functions if your computers are affected by a devastating virus?
- Assess your needs. Do you have a full understanding of the security you need vs. what you currently have? If you're a harried small-business owner, chances are the answer's "no." The good news is, you may have more protection than you realize. For instance, most home office and small-business local area network (LAN) routers include a built-in firewall--technology that blocks intruders from accessing the computers on the network.
- Cover the basics. At a minimum, all your business computers should be protected by a hardware or software firewall and antivirus and anti-spyware programs. Some internet security suite solutions geared toward small businesses combine all three protections, as well as offer safeguards against identity theft, spam, phishing scams and more.
- Get help. Does computer security seem like too a daunting task for you to handle? If so, hire a consultant to perform a security audit of your business systems and network and make recommendations. Your network equipment reseller or technology vendor can also help you determine the security solutions you need. Another option is to outsource the job. A managed service provider can design, implement and maintain your network security solution for a flat monthly fee.
- Put it in writing. A detailed, written security plan that includes policies and procedures as well as technology requirements is particularly important for businesses with employees. If your security procedures aren't set down in writing, they're easy for an employee to dispute or disregard.
- Keep your security updated. New internet threats are emerging daily. Your security solutions won't be effective against new viruses, worms or spyware if they're not regularly updated. Fortunately, most antivirus software and other security solutions can be updated automatically.
- Give wireless networks extra protection. On a wireless network, data is transmitted over radio waves, which can be easily intercepted. This means a wireless network is inherently less secure than a wired one. If you or your employees use a wireless connection to access company databases or files, consider taking additional security measures. For instance, a virtual private network (VPN) connection provides a secure way for mobile workers to wirelessly tap into a company's network.
- Don't go overboard. A house without any windows or doors would be extremely secure--but who would want to live there? By the same token, the more secure your computer or network is, the more difficult it can be to use. Find the right balance between security and usability, and stick with it.
- Prepare for the future. A secure network provides businesses with benefits beyond protection from internet threats. Inherently, a secure network is a robust network. And a robust network is an excellent foundation that can support new technologies, such as VoIP, that can greatly increase productivity and reduce operating costs.
Ultimately, when your business is secure, it's stronger and more agile--and definitely more competitive.
Peter Alexander is vice president of worldwide commercial marketing at Cisco Systems Inc., the leading supplier of networking equipment and network management for the internet.