Q. My business would be a disaster zone if our data were lost or stolen. What should I do to protect it?
A. Today’s small businesses are under assault on many fronts. In October, the FBI warned of a new wave of cybercriminals targeting business bank accounts and, in 2009 alone, 11 million people were victims of identity theft. That’s in addition to the “normal” threats of hard-drive crashes, viruses, spyware, fires, floods, hurricanes and burglaries. Here are the eight steps all small businesses must take to protect themselves and their data:
1. Backup, backup, backup! No matter what happens to your computers, if you have a backup, then your data are safe. Here are the main backup methods, in order of best to worst reliability: online backup, tape drives, USB drives and thumb drives. We don’t recommend the last two.
2. Maintain virus and spyware control: No computer is safe without antivirus software. Today’s viruses and spyware (collectively called malware) are almost all written by cybercriminals to steal private information, passwords or bank account numbers.
3. Regularly apply security patches: Virtually all software has security holes that malware can exploit. You probably know that Microsoft Windows has them, but so does Microsoft Office, Adobe Acrobat and Flash. Even Apple products like OS X and iTunes have security holes that need to be patched.
4. Use a hardware firewall: This small device sits between your Internet connection and your network. The firewall, at a minimum, will hide your computers from the rest of the world. We recommend a firewall that also finds and eliminates malware from your downloads so you’re protected on multiple fronts.
5. Use good spam filtering: More than 90 percent of e-mail is spam and most malware uses e-mail to infect computers. You need good spam and virus filtering to scrub your e-mail before it hits your inbox.
6. Secure your wireless network: We see improperly configured wireless access points or routers in about half of the businesses we go into. It’s pretty simple to hack into an improperly secured wireless connection to gain access to a business. Be sure to use WPA2 encryption and separate your wireless from critical business data if possible.
7. Use strong passwords: Definitions vary, but in general you’ll need to use a combination of 8 letters and numbers with one punctuation mark. Don’t use this same password on all websites you visit and don’t write it down. You may consider a password management application to help keep track of your personal passwords securely.
8. Use a server to centralize data: Lastly, you can’t protect your data unless you know where it’s stored. Once your business has about five or more computers, it becomes increasingly difficult to back up the data stored on different computers. We recommend Microsoft’s Small Business Server to securely centralize and easily share your data within your office.
If you’d like more information, the Small Business Administration has a good IT Security guide and the SANS Institute has a Top 20 Cyber Security Risks list.
Sam Gridley is president of Intech, a leading digital solutions provider for Hawaii’s businesses. Go to www.intech-hawaii.com or call 596-9500.