BusinessWeek Logo
BWSmallBiz -- Tech February 20, 2008, 3:00PM EST

Locking It Down

Cyberthieves are watching. Here's how to keep your data safe and sound

By Eve Tamincioglu

null

Christopher Silas Neal

Every six to eight months, a zombie attacks the e-mail server at Guy Brown, a Brentwood (Tenn.) company that refurbishes and sells office products. It's not a Dawn of the Dead zombie, but a virus that invades computer systems to send bogus junk mail. The intruder has even caused one of the $150 million company's biggest customers to stop accepting its e-mails. "A small business is about the relationships you have," says Philip Markuson, senior vice-president for operations at the 70-employee company. But cyber compromises can make clients start wondering whether "you have trouble running your business properly and diminish the trust you've built up," he says. That's why Guy Brown is upgrading security for its technology infrastructure, including spending about $5,000 to create a virtual padlock to keep out Internet hackers.

Smart move, and one that is not as common as it should be. More small businesses now have Web sites and e-commerce capabilities—potentially exposing company and customer data to thieves—but lack the safeguards many big companies have in place. About 57% of small companies don't think they need a formal plan to secure their data, and 61% say they never sought information on properly protecting their files, according to a March, 2007, survey by the National Federation of Independent Business and Visa USA. "Criminals look for the weakest link in the chain," says Gurpreet Dhillon, a professor of information systems at Virginia Commonwealth University. "Where's the weakest link? Small businesses."

Hackers are increasingly sophisticated, too. In the past, viruses with names such as Mydoom and iloveyou were spread by people craving media attention. These days, says Larry Clinton, president of the Internet Security Alliance, a trade association devoted to Internet information security, "the criminals are more like Tony Soprano than Ferris Bueller. Organized criminals are now doing it—not to show off, but to make money."

Protecting your network means taking a series of steps, including installing security hardware and software, putting an employee in charge of security, and educating all your workers.

GATEKEEPERS

Hackers' tactics, and the products to combat them, are always changing. Having an employee dedicated to security will help you stay on top of things, says Ron Teixeira, executive director of the National Cyber Security Alliance, a public-private partnership that includes the Homeland Security Dept. and the Federal Trade Commission. Typically, the head of your IT department should fill that role. Companies that don't have IT staff should think about hiring a consulting firm. The best way to find one: referrals. Scott Testa, an adjunct professor at St. Joseph's University in Philadelphia who specializes in small company technology, advises entrepreneurs to ask firms if they have experience with small companies and with their industry. They should also ask about whether their staff will be available at any time in case of a security breach. "Independent, third-party firms that don't sell products are more objective," says Testa.

At a minimum, says Rob Fitzgerald, a computer forensics expert and president of Lorenzi Group, a consulting company in Danvers, Mass., "small businesses should have in place a firewall and have antispam/spyware and antivirus software installed on all computers." A firewall, which can include hardware or software or both, prevents unauthorized access to your network. All messages coming in or leaving your company pass through the firewall, which blocks those that do not meet your security criteria. Fitzgerald recommends that all small companies use firewall hardware. Sonicwall's (SNWL) TZ, Fortinet's Fortigate Unified Threat Management, and Cisco's (CSCO) Pix are all boxes you can plug into your modem. Buying the providers' annual service agreements, which run about $100 a year, gets you updates and access to tech support staff.

Reader Discussion

 

BW Mall - Sponsored Links