Internet Security – How Serious Should Your Business Take it?
Perform any search on any engine about how many computer viruses are in existence and you will get the same answer… too many to count. Most computer viruses are targeted to attack computers running Microsoft’s Windows operating system, while Apple computers running Mac operating systems experience drastically fewer attacks. Considering most businesses and home users choose Windows over Mac, hackers have a greater area to toss their nets and pull in a catch.
Just as with any battle or even sports game for that matter, you have the offence and you have the defense. In this ongoing war over privacy and security you are on the defensive and the hackers are on the offensive.
For any business, the threat of online attacks and hacks are a daily reality. All it takes is one point of weakness in their infrastructure – just one open accessible port, one faulty firewall, one employee unintentionally downloading a virus – or a single network engineer incorrectly configuring the private network– and all hell could break loose.
There are a few steps a business owner can take to at least keep a minimum level of security.
Internet and email use policy. Instituting a companywide policy which outlines all the details about what is and is not acceptable internet in the office is a good practice. Examples of some guidelines are as follows:
- All software downloads and installations must be authorized by the employees supervisor
- All software downloads and installations must be performed by the IT department
- Internet use during business hours is restricted to company business purposes only.
- Facebook and other social networks are not to be used during business hours – either from the computer or via other means such as cell phones
- Email is restricted to business use only
When instituting these rules, it is important to include the policy as part of the employee handbook along with requiring a signature from each employee as acceptance of the policies. It is equally important that within the handbook it is clearly stated the consequences of not abiding by these policies. Each company may deal with these circumstances differently; some may allow 3 warnings while others may not allow any.
- Outsource computer and network operations. Outsourcing to a third party is a huge help for companies that do not have the resources to bring on a full IT staff. There are varying degrees as to what level of involvement the outsourced company will be held accountable for. Some companies may provide an onsite technician to handle all operations while others may be better suited to work with a technical liaison from within the company already.
Before hiring a third party to handle all your network operations, consider the following:
- Do you have the ongoing financial resources to employ such a company?
Without an IT department or experienced person, your business will find itself in the dangerous crosshairs of an unstable and potentially unsafe infrastructure. Make sure you take this hiring seriously with long term expectations and foresight.
- Does your company really need it?
This is a question everyone should ask. If you run a and have technically inclined personnel already on hand, consider outsourcing specific IT tasks in-house. Examples are internet and intranet networking, software updates and installations, and hardware installations. If you have capable staff, consider assigning these roles and compensating accordingly.
- Does the IT company have a good track record with speedy response times to installing software and hardware updates and patches?
It is important that the correlation between an IT department/service and security is recognized and held in high regard. If the company does not appear to take the security aspect seriously, consider another company.
- Encryption. Internet and email in general already include a basic level of encryption. However, there are considerations to be taken for your business. For example, if you use a wireless connection it is essential that you use WEP or WPA encryption. These operate on the basis of security keys and passwords meaning that any computer that attempts to connect to your network must have these bits of information. Without it, they cannot get in and will move on.
Another aspect of encryption to be considered is telephony encryption. That means encryption for the phones. In industries such as financial and banking, health care and insurance, federal laws demand a higher level of encryption must be in place to protect the highly private and sensitive information being passed through data and voice connections. If your business fits in this category, ask your phone service provider about encryption options.
Understanding the seriousness of security for your business is no longer just a matter of using a cross shredder in the office place – it can literally mean the difference between your company’s survival or demise. With the advancement of the internet, so comes the increased threat of malicious but intelligent hackers who specialize in identity theft and sell yours and your client’s data for profit.
Take the steps necessary to protect your business. If you are just starting, consider subscribing to magazines which will help keep you abreast of threats and give tips for internet security. Enlist those who are more knowledgeable than you and learn as much as you can to stay in the know.