Security is complex but you have to start somewhere. This is, in my opinion, the bare minimum, basic, no-brainer, and got-to-have things for small business security.
This article is sure to incite some debate as I could have easily listed ten or more steps a small business should take in terms of security. Some might disagree with the three I've selected here-and that's ok. Anyone reading this blog will hopefully get the point, which is that security can be complex, especially if you're a small business-but you have to start somewhere. Where do you begin if you're a lawyer running an office with six computers? Or a doctor who has a nurse running the "IT Stuff." You might not be able to afford everything under the sun, or that pricey consultant or that expensive managed service. But that doesn't mean you don't still have security concerns.
If you're a small business, please view these steps for exactly what they are: a starting point-simply an organized a place to begin. These are the absolute bare minimum, basic, no-brainer, and got-to-have things! If you know someone who has a small business, send him or her this blog.
The three most important security steps a small business should take are:
1. Antivirus Software
3. OS Patching
Let's dig in...
Please raise their hand if a virus has infected your computer at some point. Now take that hand and go purchase some Antivirus software for all the PCs in your small business! You'd be surprised (I always am) about how many people still miss this basic fundamental step. Many times I also find that while folks have no problem buying and installing the software they can't seem to keep it up to date. Maybe their subscription ran out, or they have the software configured incorrectly, but it isn't updated with the latest virus definitions (those would be the antidotes to the virus, for the lay reader). Always ensure your small business has Antivirus software and that it is up to date.
The typical small business will have DSL or cable for Internet access. With almost all of these connections you will be provided with a small firewall like a D-Link or Linksys brand appliance. These firewalls are given to you for a reason. They are better than nothing, I will grant you that, but they are not the most robust firewalls in the world, and in many cases they won't provide the small business with adequate protection.
A sensible investment for a small business is a higher-grade firewall, preferably an application layer firewall (see wikipedia.com for an explanation of application layer firewalls). Better yet, a Unified Threat Management (UTM) appliance offers companies multiple edge-of-your-network security features like network-based Antivirus, intrusion prevention, and anti-Spam. See this whitepaper on TechRepublic.com for more information on UTMs. A UTM can be an effective means to maximize your security without completely whipping out your budget.
There's a good chance your small business runs Microsoft products like Windows XP and Microsoft Office, and so on. If it does, you may be vulnerable. Microsoft's operating systems are a big target for hackers for several reasons, not the least of which involves their popularity. Everyone picks on the popular OS, and there's also the fact that, historically, they've had many vulnerabilities. And until that changes, Microsoft will continue to release security patches on a monthly basis that close these vulnerabilities. They key is to make sure your Microsoft products are up to date and have the latest patches. One important thing to consider is making sure those patches don't break any of your applications. You may wish to deploy the patches to one or two of your computers first to make sure they don't cause any major problems before you role them out en masse.
Ok, I know. The savvy IT guy reading this article is all fired up right now. He's got thirteen other things to add to my list. I say to you, post them to the threads below. We want to hear them. For all you small businesses, read the threads below and check out the other tips from the experts in our midst. Use these suggestions as you budget for IT security and make practical decisions about how to improve your small businesses security. It's my belief that some security is better than no security, so start small, do what you can, and budget/plan for the future.
Jeremy L. Smith writes about IT security and Microsoft Products. As a former Microsoft Certified Trainer he taught hundreds of students on many of Microsoft's most popular products. He holds the following IT certifications: CISSP, MCT (inactive), MCSE+I, MCSA, CNE, A+, N+, and has completed a Masters of Science in Information Technology. He currently works as a solutions architect where he designs enterprise implementations of the Active Directory as well as IT security solutions for the Public Safety Industry. He also teaches computer security classes for National University and the University of Phoenix.