This is part one in a two-part series on protecting digital assets.
Many computer criminals are targeting small and medium-sized businesses because they have more valuable assets to steal than consumers, and their security is generally much weaker than that of large enterprise companies. A small business represents a fat and easy victim to criminal hackers. As a small business owner, you need to know how to protect your company from cyber-attackers and thieves who are half a world away and beyond the reach of typical law enforcement efforts. In addition to that danger, there is a plethora of mundane risks and hazards that can destroy your computer operations and cause financial damage to your company.
Here are three ideas in this two-part series to help you protect your digital assets:
Back when I was in computer school, we were admonished to “start at the physical level” when troubleshooting a computer problem. You know – is it plugged in, is it turned on? This is important advice when it comes to computer security, too. Your computers need to be physically secured from simple theft by an outsider or even a disgruntled employee. This means your server is in a dedicated closet or room, not out in the open office area, and there is a lock on the door. If you have security cameras, one should be pointed at the server location. Desktop PCs can be physically secured with simple cable and lock kits. Laptops, tablets, and smartphones need to be secured when mobile. Leaving your laptop visible on the backseat of your locked car is not secure; put it in the trunk if you can’t take it with you. Leaving your phone out on a table or bar top is an open invitation to a snatch-and-grab artist. A software tracking and/or device-wiping program is a particularly great addition to any mobile computing device, so you can find and recover your device, or delete your personal information and files remotely if your computer or smartphone is lost or stolen.
Everyone needs to be protected from Internet-borne threats and exploits. The two most common attack vectors are emails with malicious links and websites with malicious embedded downloads. In many cases the email link takes you to the compromised web page, but there are plenty of examples of well-known and well-trafficked legitimate websites that have been hacked and for a time were unknowingly hosting malicious downloads. A top-quality, fully featured Internet security product will help to protect your computer from these threats. You will want something that actively scans file downloads and has a link scanner to protect you from malicious or infected websites, as well as the usual anti-virus, anti-malware, anti-spam, and firewall features. Your network should also be protected by a good-quality hardware firewall and intrusion detection device.
Your data—the files, documents, spreadsheets, presentations, images, emails, videos, plans, designs, and financial and client information that represent your work product and records—need to be protected not just from malicious attack, but also from random hazards. Everything from a simple hard drive failure to transient electrical surges, lightning and storms, fire, flood, and theft can result in the loss of the data store that runs your business.
A backup program is the first line of defense. My recommendation is to have a full local backup of your server in the form of a disk image you can use to rebuild your server from scratch quickly. Couple the local backup with an online backup of the critical data files that are necessary to restore your business to full operation. The local backup allows you to recover quickly from equipment failures; the online backup allows you to recover from the more serious problems of fire, flood, and theft. You will also want to back up any data on the PCs in your company that is not already stored on the server. Online backup systems should suffice for that.
In my next post, I’ll discuss how passwords, Google and mindset all play an equal role in protecting the digital assets of your company.