Locking It Down

(page 2 of 2)

Browse Issues

Browse the BusinessWeek Archive

Christopher Silas Neal

Story Tools

• post a comment
• e-mail this story
• print this story
• order a reprint
• digg this
• save to del.icio.us

You will need to buy software for each computer, even those not hooked up to the Internet, as you could download a virus from a thumb drive. Symantec (SYMC), Grisoft (INTC), and McAfee (MFE) offer software packages that supply the basics. Figure on spending no more than $100 per computer.

Henegan Construction was getting about 3,000 virus-affected e-mails a year. So the $300 million New York company installed Symantec's antivirus software several years ago. Last year Henegan added filtering software by Websense (WBSN), which blocks certain Web sites that might be infected. The cost for the two packages is about $5,000 a year for 25 computers.

Henegan also hasn't been lucky with its laptops, which have been stolen frequently. So the company signed up with a laptop tracking company, Absolute Software in Vancouver, for $100 per computer for a three-year contract. The service recently helped Henegan recover a laptop within two months, says Juan Alessandri, head of it at Henegan.

PASSWORD PLOY

Hardware and software are important, but they are not the whole story. You'll also need to draw up a policy on how your data must be stored and who has access, says Dhillon: "If yours is a retail outfit, follow Visa and MasterCard's (MA) encryption and data storage policies closely." He advises companies not to print complete credit-card numbers on a receipt or store data longer than necessary, and to shred invoices. Small businesses also need to make sure the wireless networks they use are encrypted. "Do not provide open wireless access from the same connection that is used for business transactions," Dhillon says.

Don't forget that a big source of security breaches are employees themselves, either through sabotage or unwittingly downloading a file with a virus attached. Teixeira points to a tactic called spearfishing, in which criminals contact employees in key positions. "They actually send an e-mail marked urgent—something like, 'we had a break-in, and we want to make sure everything is safe. Please provide us with your log in and password,'" he says. Instruct all employees not to download e-mail attachments unless they know the person who sent the message, and never to give out passwords. Send out bulletins informing workers of new scams. Clinton even recommends forbidding employees from using their computers for personal business, but providing ones they can use to surf the Internet in a common area. A little inconvenience isn't too much to pay for keeping your company's data safe.

Back to BWSmallBiz February/March 2008 Table of Contents