Forrester research reveals that viruses top the list of security concerns for SMEs, with more than 80% citing this as the issue that worries them most. It is not surprising when you consider how vulnerable you are to attack.
The infamous Sapphire Worm in January 2003 was the fastest computer worm in history. As it moved through the Internet, it doubled in size every 8,5 seconds, and took only 10 minutes to spread around the world. Fortunately, there are ways to protect yourself.
It's like brushing your teeth
Security and back-up should be part of your daily routine, and include the following:
- Preventing unauthorised access to your system.
- Protecting against attack by viruses or hackers.
- Preventing theft of physical equipment and intellectual property.
- Protecting sensitive or financial information.
- Preventing denial-of-service attacks, which use a flood of email to crash a system.
- Ensuring information complies with regulatory requirements, and is duplicated and backed-up for easy restoring and retrieval.
Integrated server solutions generally combine many of these features into a single system, providing affordable access to back-up and security that is typically only available to organisations with sophisticated network setups.
Build your defences
- Ensure your server is protected by an effective firewall and anti-virus software. If it is managed by your Internet service provider, ask for details of their security system and what level of protection you can expect.
- The simpler and easier your back-up system is, the more likely it is to work. Some online back-up services allow you to run daily automatic back-ups of data on a laptop or desktop computer. No special hardware is needed and data recovery is immediate.
- Install strong authentication processes. These guarantee user identity and are more secure than simple password systems.
- For e-commerce, use digital certificates to improve trust between trading partners.
- Deploy virtual private networks (VPNs) to create a secure channel over the Internet for exchanging information with trading partners.
- Monitor log files or use detection software to spot any attempts at intrusion.
- Make sure your work space or office is physically secure, with locks and/or alarms.
- Keep servers in a locked room and control access to it.
- Protect information that you keep on paper, ie, in lockable filing cabinets.
- Shred personal information before throwing it out.
- Be careful of throwing out boxes that might advertise the delivery of new machines to would-be thieves.
- Security mark PCs and their major components with indelible or ultra-violet ink.
- Log serial numbers of all equipment so that it can be identified if stolen and recovered.
- Invest in a security cable for each computer, so that it cannot be moved from its location.
- Keep back-ups off-site or (at least) away from the computer you're backing up.
The "Big Five" of back-ups
1. CD & DVD
- CDs can hold up to 700Mb of data, while a DVD can hold a whopping 4,7Gb.
- They are cheap when you buy in bulk (about R2 for a CD and R6 for a DVD).
- They are simple to use.
- Many newer computers come with a built-in CD read/write drive.
- They are portable.
- If your computer doesn't already have a CD or DVD writer you will have to buy one.
- If you use rewritable disks, it is possible to overwrite data by accident.
- Read-only disks can only be used once - files cannot be added or deleted.
- The disks require special cases to protect against damage.
- Older CD players cannot read CD-read/write discs.
- You might need to purchase back-up software.
2. TAPE
- Tapes offer the cheapest storage (from as little as R1,50 per gigabyte stored).
- A typical small business requires between 10Gb and 60Gb for daily and weekly backups. Tapes hold up to 500Gb of uncompressed data on a single cassette.
- Tapes are shock-resistant and durable over time. Even if you drop a tape drive, the tape itself can still be recovered.
- Tape drives are expensive.
- Tapes are sensitive to environmental factors like sunlight, humidity and dust, as well as electromagnetic fields.
- Tapes do not protect against theft or natural disaster, unless they are moved off-site.
- Daily tape back-up administration can be a time-consuming manual process.
- Unless you have a dedicated file server with an attached tape library, you can't readily access data stored on your tape drives.
3. EXTERNAL HARD DRIVE
- If you're looking to back up a lot of data or your entire computer, an external hard drive can prove to be the easiest and most affordable solution.
- Most will plug into the USB port of your computer and are usually plug and play, making them easy to use and move.
- Capacity ranges between 80Gb and 120Gb but you can get external drives with a capacity of up to ten times that and more.
- Prices start at under R1 000.
- If you are only looking for partial back-up for a limited amount of data, an external hard drive is overkill.
- The drives are sometimes large and bulky.
- They can be damaged if dropped or mishandled, and are vulnerable to damage by electromagnetic fields.
- Large external hard drives can be expensive.
4. ZIP DRIVES
- Zip disks are fast and durable.
- There are several different sizes, typically 100Mb, 250Mb and 750Mb. All are fine for small back-ups.
- Zip disks can be used more than once for daily back-ups.
- Zip drives are easy to install and share between computers and are fairly portable. Some newer models use USB ports.
- Zip disks have a data-retention life of up to a decade.
- In order to use zip disks you must also buy the zip drive, which can be expensive.
- Storing several disks can be cumbersome as there isn't a large selection of zip storage cases available.
- Zip disks are not as portable as flash drives and are becoming less common.
5. ONLINE BACK-UP
- Files are stored on a server at an off-site location, so they can't be accidentally overwritten, stolen, or destroyed.
- Most online back-up services offer 500Mb to 100Gb of storage space, which you can access remotely via a secure link.
- Online back-up is easy to use. Some providers offer automatic back-up, which does not require user intervention.
- Some remote back-ups work continuously, backing up files as they are changed.
- The price generally includes download and back-up software.
- It can be pricey - up to R5 000 per month for 100Gb.
- If your Internet service provider's system fails, you might not be able to access your files.
- If the provider's security is compromised, your information could be stolen.
Things to consider when choosing back-up
1. How much storage space do you need? If you have a lot of data to keep, use a high-capacity medium. You do not want hundreds of CDs cluttering up your office.
2. How much will it cost? Consider the once-off as well as ongoing costs, and balance this against how much the data is worth to you.
3. How easy is the back-up system to use, and how often will you need to do it? The harder it is and the longer it takes, the less likely you are to do it.
For a seven-step guide on how to safeguard your business, click on the "Security guidance centre" link at www.microsoft.com/southafrica/smallbusiness.
What about wireless?
- Wireless equipment often has security default settings, but don't assume that these are adequate for your needs. Always ensure that settings are checked and changed where appropriate.
- If you transfer sensitive information over a mobile connection, consider using a Virtual Private Network (VPN). Besides creating a secure channel for trading partners, this offers mobile users a safe way of connecting with other employees or branches of the business.
- Use encryption. Many wireless access points (WAPs) do not have encryption enabled by default.
- Use access lists to lock down your wireless network. This will allow you to specify exactly which machines are allowed to connect to your access point.
- Change default passwords. Most manufacturers use the same default for all their wireless access points (or those of a particular model). These passwords are common knowledge among hackers.
- Turn off the WAP when not in use. This may seem obvious, but few companies or individuals do it.
The safer side of online banking
When it comes to transacting online, banking has had some bad press of late. However, by sticking to a few very strict rules, you can keep your information (and money) quite safe:
- Never allow your browser to save your PIN.
- Do not keep PIN codes in the same place as your card.
- Ensure you are on the correct website by checking the address and that the site is secure. The web address should start with "https". Also look for the security certificate (usually a small graphic of a lock) in the bottom right corner of the screen.
- Always access your Internet banking by typing the correct URL into your browser. Do not click on a link in an email to take you to the website, and NEVER provide your personal details to anyone via email or through a linked site.
- Be vigilant if you use Internet cafés or a computer that is not your own. Use website keypads to enter your PIN rather than typing it on the keyboard.
- Follow all bank instructions about destroying new PIN numbers and expired bank cards. Also consider destroying unneeded statements that may contain sensitive personal information.
- Check your statements regularly to identify any erroneous or criminal transactions.
- Do not just close the window when you complete your Internet banking session. Log off properly.
For more tips visit www.standardbank.co.za.
Good ideas for great passwords
- Use something that is easy to remember, such as an acronym from a favourite saying or phrase. For example, "roygbiv" is based on the colours of the rainbow (red, orange, yellow, green, blue, indigo, violet).
- Substitute some letters with numbers, eg, "r0ygb1v".
What NOT to use:
- Your ID number, phone number, bank PIN, or birth dates of yourself, partners, family or friends.
- An English dictionary word. (Words in another language can make good passwords that are harder for others to guess.)
- A similar password to a user name. (Apart from being easy to guess, you may end up confusing the two.)
- Old passwords.
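The "What NOT to use" rules above can be enforced at the moment a user chooses a new password. The Python below is an added example, not part of the original article; the word list, user name, phone number, salt and the 0.7 similarity threshold are constructed assumptions, and reversing number-for-letter swaps before the dictionary check is an added strictness.

```python
import hashlib
import hmac
from difflib import SequenceMatcher

# Constructed sample data (assumptions for this example, not from the article).
DICTIONARY = {"password", "rainbow", "welcome", "monday"}
SALT = b"constructed-demo-salt"  # real systems use a random salt per user
LEET = str.maketrans("01345$@", "oieassa")  # undo common number-for-letter swaps


def hash_password(password: str, salt: bytes) -> bytes:
    """Old passwords are kept only as salted PBKDF2 hashes, never in plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(candidate, username, personal_numbers, old_hashes, salt=SALT):
    """Return the list of 'what NOT to use' rules that the candidate breaks."""
    problems = []
    lowered = candidate.lower()
    digits = "".join(ch for ch in candidate if ch.isdigit())

    # Rule 1: ID number, phone number, bank PIN or birth dates.
    if candidate.isdigit() or any(n and n in digits for n in personal_numbers):
        problems.append("personal number")

    # Rule 2: a dictionary word, also after reversing number substitutions.
    if lowered in DICTIONARY or lowered.translate(LEET) in DICTIONARY:
        problems.append("dictionary word")

    # Rule 3: similar to the user name (contains it, or is a close match).
    name = username.lower()
    if name and (name in lowered
                 or SequenceMatcher(None, name, lowered).ratio() >= 0.7):
        problems.append("similar to user name")

    # Rule 4: an old password, compared by hash in constant time.
    new_hash = hash_password(candidate, salt)
    if any(hmac.compare_digest(new_hash, old) for old in old_hashes):
        problems.append("old password")

    return problems


if __name__ == "__main__":
    history = [hash_password("r0ygb1v", SALT)]  # constructed password history
    for pw in ("r0ygb1v", "p4ssw0rd", "thandi1985", "0825551234"):
        print(pw, check_password(pw, "thandi", ["0825551234", "1985"], history))
```
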