A simple plan for SMB security, Part 2

Five must-do steps form the basis of your small business security policy

Editor’s Note: Technology Partners is a regular column written by members of the  Information Technology Solution Providers Alliance .

A security breach can mean the decline – or even death – of a small business.

Last time we offered suggestions for protecting every desktop and laptop computer. Here, we aim tips at IT managers, or in smaller firms, general managers and owners. Keeping any business safe requires time and money. Whether you rely on internal IT personnel or an outside solution provider, be sure they don’t skimp on the following recommendations:

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Editor’s Note: Technology Partners is a regular column written by members of the  Information Technology Solution Providers Alliance .

A security breach can mean the decline – or even death – of a small business.

Last time we offered suggestions for protecting every desktop and laptop computer. Here, we aim tips at IT managers, or in smaller firms, general managers and owners. Keeping any business safe requires time and money. Whether you rely on internal IT personnel or an outside solution provider, be sure they don’t skimp on the following recommendations:

Teach employees to be safe online. Lay down the law. In e-mail, no opening of suspicious or unsolicited attachments. No responses to spam. Send out regular updates to the entire company warning them of hard-to-spot scams, such as phishing e-mails. The more employees know about potential dangers, the more vigilant they will become.

Keep departing employees out. Employees leaving a company under less-than-ideal circumstances must be kept from touching your IT assets. Tech-savvy employees could do a great deal of damage in little time. And even less-knowledgeable folks might have friends who can suggest how to destroy your computing infrastructure. When employees leave the company, immediately deactivate their passwords. In addition, you must prevent them from physically touching any PC or server. Also, be sure to collect any IT items that could connect to the network, including laptops, Pocket PCs or PDAs.

Download operating system updates regularly. Stop using Windows 98 or 95. They have too many holes. Instead, invest in the more secure Windows XP Professional. If you’re using Windows 2000 or NT, the situation is less urgent, but consider upgrading to XP soon. Whatever operating system you use, sign up for Microsoft Security Update, a free e-mail alert about security challenges.

Make wireless networks secure. Wireless networks are more vulnerable to hackers than wired ones. There are several steps to secure them. First, don’t use TCP/IP for file and print sharing, which makes a hacker’s job far too easy. Share only the files that need to be accessed wirelessly, rather than sharing entire hard drives. Buy equipment that supports Wi-Fi Protected Access (WPA) encryption; use complex encryption keys and change them frequently.

Perform quarterly security assessments. Keep your network up to date and ahead of the hackers. Each quarter, review each and every step above to be sure your company is in compliance. Send reminder notes to employees, asking that they run security and spyware-detection updates immediately. Be sure all passwords have been changed recently. And search out potential vulnerabilities.

Sharp is sales vice president at ITSPA.