Is your Business Like the Death Star?

IT Security has hardly been out of the news in recent months – we’ve seen reports of large scale attacks on some of the biggest companies – Yahoo, Facebook, Twitter…. But what gets less reported is the suffering and cost to small businesses, and how long it can take businesses of this size to recover from a data loss, breach or infected software.

Here’s some stats that we recently put together to draw attention to the challenges small businesses face when it comes to IT security:

In my experience at TSG, I also know that for every customer that reports an incident, there is at least one more that doesn’t know they have a problem (until we inform them), so things start to look even worse…

I recently saw an article which compared the field of information security to the attack on the Death Star by the Rebels in Star Wars. This got me thinking…

How many small businesses are like the Death Star in their IT security setup? By that I mean they seem impenetrable, but with a tiny, overlooked flaw that could leave them wide open to destruction by the rebels…. I mean hacking by online bad guys?

I know most people have Anti-Virus, Firewalls, Email Scanning etc.  But is there anything else we can do to protect that unshielded exhaust port?

In my view it’s not just about buying products to protect your business; the tiny flaw that can leave businesses vulnerable is more often than not a lack of a widely accepted user policy.  This can ensure that some of the common sense stuff (not writing passwords down, how to deal with links in emails, suspicious websites and Social Engineering) becomes just that more common, and businesses are much better protected as a result.

Storm troopers, aka the employees of the Death Star, look as though they could cope with any situation – they’re in full body armour for starters.  But one laser shot to the arm and to the floor they go.

Perhaps with a little common sense user policy, someone might have thought to show the most inept army in the fantasy universe how to do a little duck and cover.

The five items below are steps that I would take for any network to increase its security and contribute to a user policy.  It’s not an exhaustive list and they won’t make you 100% secure against everything out there (nothing does), but having a policy that people can use and understand will help to strengthen your armour.

1. Password Policies  

Passwords really need to be about 12 characters long and complex (including upper and lowercase, numbers and special characters).     

2. Security on shared folders

Only allow people access to files and shares that they need access to. This not only prevents a malicious employee causing damage, but prevents anything masquerading as a user from accessing everything.

3. File auditing 

A partner to the above, can be set to see all files people access, or only the files they access that they aren’t supposed to.

4. Two Factor Authentication

Instead of just a password, consider using both something you know (your password) and something you have (finger print, smart card) to logon.  Most banks use this for online banking now; if you have a Barclays account the PINSentry device you have is part of your two factor authentication.

5. Network Security Monitoring

Monitor and analyse all network traffic, logs and events on your network in a centralised console. This allows you to see and track just about everything that occurs on your network, and may let you see malicious communications as they happen.

Other measures such as making sure all your program’s patches are kept up to date (TSG SystemCare can keep all your Microsoft programs updated), your anti virus is current and you have spam filtering on your emails (a hosted service like Symantec Email Security.Cloud can scan all your email for spam and viruses before it even gets to your email server) are also important parts of your security protection.

The explosion of mobile devices has made it even more difficult for businesses to be able to see threats and address weaknesses.  But by ensuring your users are knowledgeable about how they can play a part in protecting the businesses, plus using the right technology, will help you to become more secure.

For more information and some top IT security tips, my colleague Mark Cook recently put together a whitepaper – you can download your copy of ‘Protecting Your Assets’ here.

As for securing the Death Star, I’m just an IT bod, not Raith Seinar….