Business Security
by Lee LeClair, 01/20/2006
As seen in Inside Tucson Business
Recently I was asked to advise some small to medium-sized businesses on what they should do to cost-effectively protect their IT assets. While every business is different, many small and medium-sized businesses have common characteristics – their IT infrastructure grew over time, it grew with little organization or resources, but now it’s pretty much critical to the business.
By now, most businesses (even small and medium-sized ones) have firewalls and some form of anti-virus protection, but that’s about the extent of the security measures. What more can and should a limited-resource business do to keep its automation safe but effective? I recommend combining technical knowledge and common sense.
First, do a basic risk analysis. To do this without too much formality, consider the worst-case scenarios: how bad would it be if your most valuable data was lost (e.g., data corrupted, erased, or copied by your competitor)? What is and where is your most valuable data? Is there any employee who is singularly critical because of his knowledge and/or access? Write this stuff down. Armed with this knowledge, take a hard look at your IT assets and processes: how old are your servers? Is your critical data all on one old hard disk? Do you back up your data regularly? When was the last time you tested RESTORING backed-up data? Is your critical server visible and accessible (physically and on the network) by everyone in your business?
Based on the answers to your first set of questions and this second set of questions, you should have a rough feel for how much risk your business is taking every day it’s running. Write down what you feel are the highest risks and try to prioritize them. Take into account your past experiences; for example, if you have had several lost days due to virus outbreaks on your computers, then make a note of the risk of viral infection and rank it in your priorities. If you have had several power outages that caused problems during monsoon season, make a note of that and rank it. There are clearly some judgment calls in the rankings – if you need technical advice because you’re unfamiliar with how risky certain things are, seek it out from a consultant or knowledgeable friend. At this stage, you should have a roughly ordered list of things to upgrade, fix, organize, or just plain deal with. As a business owner, you’ll naturally factor in the costs to make adjustments and then prioritize again.
Here are some basics for some degree of network and data security. Make sure you have a firewall if you have Internet access (and who doesn’t?) and use private IP address space for your internal network. Make sure the firewall is very limited in what it allows into your network (i.e., email and web traffic) and only allows that into a special network area (or de-militarized zone). Separate your servers from your PCs even on your internal network using a firewall so you control exactly what can reach the servers. Set up a backup system for your critical servers – you can use tape or disks but definitely do this because hard disks WILL fail. Then, check that your backups are actually occurring and TEST restoring lost data. You will never know if backups are successful until you restore the data and actually try to use it. Plug servers into Uninterruptible Power Supplies. Keep your servers in a locked room which only trusted people can access and use tough passwords. Typically, servers are where your important data sits; protect them! Run anti-virus updates and file checks daily in addition to live checking of incoming email. If your PCs support automatic operating system updates (e.g., Windows XP), then turn them on.
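The advice to check that backups occur and to TEST restoring them can be automated. The script below is an added example, not part of the original column: it records checksums at backup time, then restores the archive into a scratch directory and verifies every file. The function names and all paths are hypothetical, and it assumes a system with tar and sha256sum.

```shell
#!/bin/sh
# Added example: back up a directory, then prove the backup restores.
# Function names and all paths are hypothetical; needs tar and sha256sum.

# make_backup SOURCE_DIR ARCHIVE
# Writes ARCHIVE (gzip tar) and ARCHIVE.sha256, a checksum list of every
# file as it was at backup time. ARCHIVE must live outside SOURCE_DIR.
make_backup() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2.sha256" || return 1
    tar -czf "$2" -C "$1" .
}

# restore_test ARCHIVE
# Restores ARCHIVE into a scratch directory and checks each restored file
# against the checksum list. Returns 0 only if the restore is usable.
restore_test() {
    archive=$1
    if [ ! -s "$archive.sha256" ]; then
        echo "FAIL: no checksum list for $archive" >&2
        return 1
    fi
    scratch=$(mktemp -d) || return 1
    status=0
    if ! tar -xzf "$archive" -C "$scratch" 2>/dev/null; then
        # A truncated or corrupt archive is caught here.
        echo "FAIL: $archive does not extract" >&2
        status=1
    elif ! report=$( { cd "$scratch" && sha256sum -c - 2>&1; } < "$archive.sha256" ); then
        # The archive unpacked, but a file is missing or its content differs.
        echo "FAIL: restored data does not match the backup-time checksums" >&2
        printf '%s\n' "$report" | grep -v ': OK$' >&2
        status=1
    fi
    rm -rf "$scratch"
    return "$status"
}
```

Running restore_test on a schedule after each backup turns a silent backup failure into a visible one before the data is actually needed.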
There are lots of other things you can add to these basics; use your risk analysis results to manage your risks and you can safely and effectively run your business.
Lee Le Clair is the CTO at Ephibian. His Tech Talk column appears the third week of each month in Inside Tucson Business.