Solid Security Strategy Keeps Downtime at Bay
In my conversations with small- and mid-sized business owners and leaders, security is always brought up as a major concern. Sometimes it is the reason that businesses do not want to make a change in their technology. Other times it is the reason that businesses feel they need to make a change.
r
In discussions about hosted solutions and cloud computing, security is the No. 1 reason cited for not making any change. The notion is that anything technology- related located on-premise is more secure than anything that might be located off-site.
r
While this notion certainly can be true, I find in most businesses I work with that this is seldom the case. Small- and mid-sized businesses tend to overlook the risk of being connected to and sending data over the Internet, the importance of software and data security, and the potential impact of an ineffective back up and recovery strategy.
r
The Internet is based on standard communication protocols. Any computer on the Internet can talk to any other computer on the Internet. When you hook your business up to the Internet you’ve basically announced to the world, “We have computers here.”
r
Many reason that, because their business is small, their computers are safe. Unfortunately, it is exactly the opposite. Larger businesses tend to have strong security, so hackers seldom bother with them.
r
A small business recently moved their Internet connection from a local service provider to a direct connection provided by a major carrier. Within two weeks the 25 computers on their network were basically unusable due to viruses, spy-ware and mal-ware. They did not realize they left the protection of the local service provider’s firewall. A firewall protects a private network from the Internet and is an essential part of security.
r
After the addition of a firewall and many hours of clean up labor, the business was able to continue normally.
r
When moving information over the Internet, small- and mid-sized businesses need to be aware that, without encryption, their information is easily hacked.
r
Many law firms and CPA firms use the free e-mail services provided by Yahoo or Google, or have in-house POP mail or Microsoft Exchange. Typically these e-mail services provide no encryption of messages and can be easily read as they pass through the Internet.
r
This is an area where hosted services can provide security benefit. Most providers of hosted Microsoft Exchange provide encryption as a standard service. However, if your e-mail is being delivered to a POP account or free Internet account the encryption will be dropped.
r
In-house software and data security is often overlooked. Server software, application software and database software should have effective security capabilities built in. Most do. Unfortunately, most small- and mid-sized businesses tend to view these as troublesome and make little to no use of these capabilities. The result is that anyone within their network may have access to servers, file shares, applications and data. Without effective firewall protection in place, their network includes the whole Internet.
r
Another often over looked aspect of software and data security is back up and recovery. Most business owners and leaders just assume this is taken care of. However, incomplete strategies regarding back up and recovery are more the norm than the exception.
r
“Data only” back ups leave businesses in a poor position for timely recovery of application software. Poor back up timing may cause the loss of critical business transactions. back up software, tape drives and back up tapes have higher failure rates than most realize. Much manual work is involved in rotating tapes and moving them to off-site storage. I’ve worked with businesses that have spent weeks storing empty back up tapes.
r
Well-vetted hosted solutions have an advantage in that software and data back up and recovery will be provided within the standard solution.
r
With an effective, well-executed security strategy, your data can be equally safe on-site or off. The real question is, “Are you paying attention to your security strategy?”
r
(Steve Hankins is CEO and co-founder of Accio.US of Springdale, a technology company providing advisory and management services for small to medium-sized businesses. He may be reached at [email protected] and followed on Twitter as @stevehankins or @accious.)
r
r