A simple plan for SMB security, Part 1

The very nature of small businesses makes them vulnerable to attack.

Editor’s Note: Technology Partners is a regular column written by members of the  Information Technology Solution Providers Alliance.

Security breaches are a growing problem for small and midsize businesses. A recent poll of ITSPA members found that last year, nearly 25% of their professional time was spent resolving security problems for small businesses. No wonder. The poll also found their clients suffered seven or more attacks by hackers or viruses in 2004.

The very nature of small firms makes them more susceptible to attack than larger ones. They tend to have casually run IT departments, less sophisticated users and employees who are less suspicious than those in big companies.
 
The solution is simple. Work through our security checklist and stay vigilant. These tips are aimed at the desktop. Next time, we’ll offer suggestions for creating a corporate culture of computer safety.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Editor’s Note: Technology Partners is a regular column written by members of the  Information Technology Solution Providers Alliance.

Security breaches are a growing problem for small and midsize businesses. A recent poll of ITSPA members found that last year, nearly 25% of their professional time was spent resolving security problems for small businesses. No wonder. The poll also found their clients suffered seven or more attacks by hackers or viruses in 2004.

The very nature of small firms makes them more susceptible to attack than larger ones. They tend to have casually run IT departments, less sophisticated users and employees who are less suspicious than those in big companies.
 
The solution is simple. Work through our security checklist and stay vigilant. These tips are aimed at the desktop. Next time, we’ll offer suggestions for creating a corporate culture of computer safety.

But remember: Keeping any business safe requires time and money. Whether you rely on internal IT personnel or an outside solution provider, be sure they don’t skimp on the following recommendations.

• Install anti-virus software and update it regularly . Your PCs probably were protected at some time, since most computer manufacturers now include anti-virus software and a free trial subscription to virus updates. But too often, employees let these subscriptions expire. Require employees to renew anti-virus subscriptions, then set up each machine to automatically update virus definitions – no human intervention required.
• 
  
  
• Keep your office computers safe . Sometimes the worst security breaches come from former employees, disgruntled customers or unhappy competitors. Protect office computers by placing them in a secure location.  Make a log of each machine’s serial number to ensure it can be identified if stolen. Etch these numbers, plus your company’s contact information, on a hidden area of each computer.
• 
  
  
• Set up an Internet firewall. A firewall protects your local network from outside attacks by screening and blocking all unauthorized traffic between your network and the Internet. The firewall also hides computer IP addresses from outsiders. A rudimentary hardware firewall using network address translation protocol (NAT) is already built in to  the router you use to share your cable or DSL connection. For stronger protection, choose a “security router” that includes stateful packet inspection (SPI) capabilities.
• 
  
  
• Shut out spyware . Configure your firewall to prevent employees from downloading shareware and freeware. Too often, these programs gather information from your network and send it to a third party. Spyware also can be installed by infected e-mails and other means. To clear it out, require users to run anti-spyware utilities (more than one) regularly.
• 
  
  
• Require strong passwords . Keeping employee passwords confidential requires strict corporate policies. Passwords should never be based on a user or company name, a string of numbers, or written down and stored in a handy  location. Require users to devise passwords at least eight characters long that include letters, numbers and symbols. And make sure they’re changed at least once a month. 

Sharp is sales vice president at ITSPA.