The biggest problem I see in computer security is that business owners don't believe that anything bad can happen to their computers -- until it does. I've seen it before, more than once.
In 1995 when I was Technical Services manager for a 500+ person corporation I was not able to get budget line item approval for antivirus software. No one believed it was a problem till it happened. We recovered with only two days of down time and expenses not only for the software but also for additional outside technical people and overtime for IT staff to correct the problem.
Most small business owners I talk to believe they don't need to worry about security. Their reason, 'who would want to target my business when there are so many bigger targets'. It is true that small businesses are not targeted as much as larger companies, but size is a small factor in who gets attacked. The biggest reason for being attacked is being part of a larger attack such as mass worm outbreaks. Another is that since security is being tightened at large companies, small business networks look increasingly tempting to attackers. And lastly, is the assumption that all attacks come from outside.
Only a couple weeks ago I had a call from a customer who was having a problem dialing into one of their remote computers. I investigated and while performing spyware scanning I noticed someone else was controlling the computer. Security has obviously been compromised so the machine was shut down and the holes plugged. Then I spend several hours analyzing the inside networks to make sure the breach had not let the hackers into the rest of the network. Fortunately everything was secure.
Regardless of how or why your business is attacked, recovery takes time and effort. Imagine your computer systems being unavailable for a several days. Imagine if you lost all the information stored on your computers. Imaging what someone could do with a list of your customers and sales information. How long would it take you to notice? What would the exposure cost you?
A couple years ago one of my new customers who was not diligent updating their antivirus software called me saying all his important documents and spreadsheets were no long readable. I found he was infected with the KLEZ virus. He now has adequate antivirus software but is still reconstructing his documents.
It seems to be a no brainer to me. You don't leave your house or business without locking the door and it's commonplace for automobiles to be equipped with anti-theft equipment. The same should be true for your most important business asset -- information. A few simple steps can make you less vulnerable.
No security measures will protect you 100 percent. If someone wants in bad enough they will find a way. However, you can achieve a reasonable level of security and be prepared in case breaches happen. |
Cabling, Routers
Cable, DSL
IP Phones and PBX
