|
Thinking Beyond Antivirus
 Taking
advantage of the Internet to make your small business' information more
accessible to employees and outsiders can offer business benefits. If the
Internet is a part of your business then you should be equipped to deal with the
security issues that have been introduced. If your business is connected to the
Internet, then all of the information you keep on your computers and servers is
potentially at risk. The more complex the computing environment gets, the
greater (and diverse) the risk. At the same time your reliance on the Internet
is growing, the Internet threat landscape is continuously evolving and becoming
more severe.
In today's small business computing environment,
antivirus alone does not provide adequate security. However, with the right
combination of security measures, you can keep your valuable business data and
information safe and sound and where it belongs – inside your network – and away
from malicious code or intruders.
Identify your assets
The first step to a comprehensive security program to identify the electronic
information you keep that is of the most value to your business, also taking
into consideration where that information resides. Generally, small businesses
will find their most sensitive information relates to private customer
information, strategic plans, financial data, and business operations. Imagine
what would happen if this information was damaged or lost. It could mean a
financial hit--decreased sales resulting in a decreased profit. It could also
cause a severe blow to your business' reputation in the eyes of your customers
and business partners. Knowing what you need to protect will help you take
proactive security measures that focus on the right areas.
Identify your risk factors
Internet access. Today, most small businesses are connected to the
Internet. Small businesses open themselves up to a variety of Internet threats
by simply being online. Without the proper security in place, network intruders
could see, and/or cause damage to sensitive files, and your system would also be
subject to today's complex threats that do not require user interaction, as any
computer that is online and unprotected is a prime target for attack.
Remote access. Having the ability to
access important work-related files while traveling, or at home can improve a
small business' productivity. It is imperative that this kind of remote
connection to internal IT resources is established using a virtual private
network (VPN) by remote computers that are equipped with antivirus and
firewalls.
Wireless networks. Wireless networks are
proving to be a cost-effective Internet option for many small businesses because
it is a flexible and relatively inexpensive way to keep up with business
demands. The problem is that as the popularity of wireless continues to grow, so
too will the number of people looking to exploit it. Wireless networks are
easier to exploit than wired networks because intruders don't need physical
access to your hardware; if they are close enough to the access point, they can
pick up the signal, even from outside the building. And it does not take a
technology expert to pick up someone else's signal.
Antivirus and beyond
Key security technologies that should be integrated into a small business
network include not only antivirus, but also: firewalls, intrusion detection and
prevention, content filtering, and VPNs.
Antivirus Having antivirus software is
just as important as ever. Antivirus should be installed on all desktops and
laptops–-including those devices being used out of the office to make remote
connections to your network. A good antivirus solution should also be able to
detect spyware and adware. Remember, just having the antivirus installed is not
enough-–for maximum protection from the latest viruses, you should check for new
virus definitions daily, and perform weekly system scans.
Firewalls Keeps intruders out of your
network by blocking unauthorized access attempts. Some of today's complex
Internet threats can elude the basic firewalls on the market, so look for an
advanced firewall that offers intrusion prevention technology, so you will have
an intelligent system proactively stopping intrusion threats. In addition to
antivirus, make sure that all machines making remote connections are equipped
with a personal firewall.
Content Filtering Prevents unwanted
content from entering, and confidential information from leaving the network.
Intrusion Detection Monitors the events or
traffic on a computer or network to detect attacks and malicious behavior so you
can stop attacks before they have a chance to happen.
Virtual Private Network As described
above, VPNs are essential for secure remote connections. The VPN acts as a
secure “tunnel” into the network, and maintains the privacy and integrity of
your confidential data as it travels across the Internet by authorizing the user
and encrypting the data that flows in and out of your internal IT system.
Beyond software: smart security practices
Although having the right combination of security software is a big part of the
security picture, here are some smart security practices you and your employees
should follow in order to achieve your best security potential:
Download applicable security patches for your
operating system and software whenever one is made available. In many cases, you
can enable automatic searches for updates.
Do not leave computers logged on and connected to
the Internet when not in use.
Create security policies that not only outline
what needs secured, but how you are going to secure those areas. This policy
should also outline safe computing practices for employees to follow.
Perform regular backups both on servers and on
users' hard disks.
Use strong passwords and change them often. A
strong password is at least eight characters comprised of a combination of
lower-case and upper-case letters, digits, and symbols.
An integrated solution
Although it is still possible to fall victim to a computer virus by using an
infected disk or opening an infected email attachment, the more destructive and
complex viruses and worms of today do not rely on user action, and can elude
antivirus software in some cases. And even so, viruses are only one piece of the
Internet threat puzzle. Internet intruders are constantly improving their
methods and becoming more successful. Leaving your small business' information
unprotected is too big a risk in today's threat environment. The increasing
sophistication of Internet threats calls for multiple security measures on all
vulnerable points on your system, including your servers and desktops.
All of the separate security technologies listed
above can be a burden to install, not to mention difficult and expensive to
manage and update. A patchwork system of security technology from various
vendors can make security management a nightmare.
from Symantec |
