Introduction to Security
February 11, 2016
NuWave Security Series Part 1
This is the first in a ten-part series on information technology security from SBAM Approved Partner NuWave Technology Partners.
Why Your Business is a Target
Hardly a day goes by without an announcement of a well-known major corporation that has had its website or computer system compromised, resulting in the theft of its customers’ private information. The information a business collects and stores about its customers is typically one of the most valuable assets it has. That data represents the trust people place in the business, and they expect it to be treated with respect and protected with the utmost care.
Many small business owners dismiss security concerns, saying, “My business is small. It is not a target.” We often see these businesses using consumer-grade firewalls or just a router between their network and the internet. They often are running free or expired anti-virus software and are generally unprotected or, at best, poorly protected from outside threats. It is important to understand that there are thousands of automated programs known as BOTs that are constantly scanning networks to see if they are vulnerable. When a BOT finds a vulnerable network, it either marks it or it may penetrate the network and take whatever data it can. The most concerning part of this is that most small to medium businesses don’t have the tools in place to even know that they have had data stolen. The perpetrators purposefully try to remain undetected, like they did with the Target stores, so that they can come back and continue to collect data over a period of months or even years.
The fact is that if your network is connected to the internet, YOUR BUSINESS IS A TARGET!
The penalties for such a breach can be enormous. Most states now have mandatory disclosure laws that require a business to individually notify anyone whose information may have been compromised. This disclosure typically costs ten to fifteen dollars for each person or entity. Plus, there is the loss of confidence and reputation, which can be far more costly. A small to medium firm can easily be put out of business with a single breach.
So, what should you do about it? Unfortunately, there is not a single “silver bullet” that will provide blanket protection from all security threats. Over the next several articles we will present a high-level overview of the different layers of security. We will discuss physical security, firewalls, anti-virus and anti-spyware software, the risk that mobile devices bring, secure email, SPAM filtering, wireless networks, and others. The goal is to help you as a business owner understand the various layers of security so that you can make sure your IT staff or IT service provider has the appropriate security measures in place to protect your private corporate data and your customers’ private data.
The same rule of thumb applies to network security as it does to home or business security. The harder you make it to break in, the more likely the thief is to move on to an easier target. It is important to budget properly and purchase good-quality, commercial-grade products to provide adequate protection. The fifty dollar or even one hundred and fifty dollar router you can buy at the local retail store does not provide adequate protection for a business. Nor does it provide the same level of protection as a good entry-level firewall that costs eight hundred to one thousand dollars. On the other hand, you probably do not need a ten thousand dollar firewall either. This is not an area of your business where you can afford to cut corners. However, there is an appropriate level of protection available for the risk that any given business may have. Your IT staff or service provider should help you find the appropriate protection so you can be comfortable that you have done your due diligence and can sleep well at night.