Protect your IT network

As you read about computer network attacks by exotic sounding viruses like Stuxnet, Duqu and now Flame, you may think “that stuff doesn’t affect me or my business.”

While it’s likely true that your business doesn’t draw the attention that an Iranian nuclear reactor or a major international financial institution does, the fact is that all business and personal computers are increasingly vulnerable to threats.

I’m anything but an early adopter when it comes to information technology. (I’m so far down that curve I just got my first smartphone two weeks ago.)

Acknowledging my own ignorance while recognizing how important network security is, I turned to Brian Skutt, the CEO of SafeOperations, who designs IT security systems for a living.

After scaring me silly with his descriptions of the ongoing war between the people trying to get into our systems and those defending them, Brian provided me with a few simple rules to follow that can make a huge difference for the business owner, regardless of business size. But first, some background information.

The vast majority of people significantly underestimate the cost of IT security breaches and overestimate the efficacy of their defenses. Most of us think we’re protected because we bought a firewall, have network protection and software that detects malware. Our Internet service providers have tools to protect us, and if we even think about them, we assume they are doing their job.

Yet the threats are getting more sophisticated and the gap between the “bad guys” and our tools of defense is getting wider. In January 2012 alone, 150 large businesses reported hacking incidents costing them a total of $135 billion. The Ponemon Institute, a privacy and information management research firm, estimates the cost of hacking to business in 2011 to be $1.5 trillion.

So all of these defensive tools we use are like having bars on our windows, an alarm system and deadbolt locks. The problem is we leave the back door open. Most people think viruses, worms and other forms of malware are the problem, yet it’s people’s behavior that drives most security breaches.

Here are four things the business owner can do to limit the threat and improve IT security:

1. Protect your boundary. Have as few connections as possible for your business (one is best) and load it up with the latest protection. Remember, it doesn’t matter how good your security is through your primary portal to the Internet if you allow people in your business to access your network through other channels. Don’t mix business and personal use of your network, especially with smartphones.

2. Limit social networking in general, and Facebook access specifically, only to those marketing people responsible for social networking. The No. 1 “threat vector” to business networks is the use of Facebook.

3. Have good policies, communicate and enforce them. Most breaches occur when people get careless with passwords, leave workstations on or respond to inappropriate email requests for information.

4. Don’t use public sites. As tempting as it may be to catch up on work in the airport or a coffee shop, don’t use open providers to do company business (or access personal information like your bank and investment accounts).

Finally, I asked Brian about the security of cloud computing. After his disclaimer of “the concept of a secure cloud is an oxymoron,” Brian did say that most cloud systems are more secure than internal systems because the data is encrypted at rest and in transit on both ends. The people who design and manage cloud systems tend to be far more serious and sophisticated than our own IT people.

As with every other business tool or system, the strongest, and weakest, link of our IT security is our own behavior.