New Page 0

Protecting Your Business Data From Prying Eyes

Computer security is a very complex field. Many large companies spend millions of dollars a year on systems to protect their data. They have Internet firewalls and highly-paid consultants to keep corporate secrets from getting into the wrong hands. Small businesses may not have the same security needs as Fortune 500 companies, but your data is just as important to you. As a business owner, you probably don't want just anyone in your business having access to sensitive information such as payroll or financial information.

In working with small businesses in this area, I see a lot of approaches to computer security. Some have a very open policy that allows anyone in the business access to anything. Others have a more paranoid approach, where no one has access to anything they don't specifically need to do their job. Most fall somewhere in the middle. In choosing a security model for your business, consider what information is stored on your system and what problems it would cause if the wrong person had access to it.

Security falls into two basic areas – internal and external. While most of the headlines you read generally talk about external issues such as the latest security hole that hackers have found with Windows or Internet Explorer, the biggest danger your business faces is from internal security threats, such as the disgruntled employee (has anyone ever heard of a gruntled employee?) or the merely curious administrative assistant who wants to know how much her boss makes. After all, these folks already have the hard part behind them – they have physical access to your network.

If you are concerned about security in your business, here are a few basic things you can do to decrease your chances of a security breach.

	Keep your important business data on a server and keep the server in a physically secure location. Given physical access to a PC, it is possible for a knowledgeable person to defeat nearly any security system, given enough time.
	Upgrade to Windows 2000 or XP Professional. Windows 95/98/ME systems have virtually no security features built in. Also make sure that you use the NTFS file system on your Windows 2000 or XP system.
	Use the security features of Windows (or Netware, if you are running it) to restrict access to files and directories to those who need it.
	Enforce a strong password policy.
	Use Windows 2000/XP's encryption feature to encrypt critical files.
	If you are going to be away from your PC, log off. This prevents anyone from sitting down at your desk and having access to all of your information.
	If email privacy is a concern, disable the password saving feature of your email client. This prevents anyone who sits at your PC from being able to retrieve your email.
	Use the Windows Update feature to keep your system up to date with all of the latest security patches.
	If you have shared Internet access in your office through a cable or DSL line and a router, make sure that you change the default password on the router. Every hacker in the world knows these passwords. Unless you change it, you could possibly be exposing your entire network to the bad guys.

The biggest problem with computer security in a small business is that as security goes up, convenience goes down. People forget passwords, or start writing them on little sticky notes attached to their monitor. I used to know one guy who was the network administrator for a fairly large company who kept his password posted on the wall next to his desk. Every time the system made him change it, he would just cross out the old one and write down the new. My point is that security takes a commitment to establish and enforce. It is often one that small business owners choose not to make. That is a decision that has to be made individually by each business. But if you are concerned about your data and who can access it, it is one that can pay dividends in the long run.

Additional Links

Here is a link to the Computer Security Resource Center at the National Institure of Standards and Technology: http://csrc.nist.gov

Here are some additional tips for keeping your business secure: http://www.infragard.net/library/seven_pc_tips.htm