Security

The unfortunate truth is, cyberspace is becoming a more dangerous place. And this is occurring while computer systems, ever so gradually, are becoming more and more central to our company's operations. Many small business owners have never stopped to think what would happen if they lost all their computerized information, or if that information was "hacked" and made available publicly. While some professions have specific regulatory requirements (e.g., HIPAA), many have "code of conduct" expectations for protecting client/patient information.

These two trends mean what used to be "good enough" often isn't anymore. In particular, just having an anti-virus product on your system doesn't mean you have a secure system. At a minimum, we recommend all businesses, no matter how small, do the following (in rough order of importance):

  • Assess what the risks are, how likely they are to be exploited and what the costs of a security breach might be. Don't forget to include "internal" as well as external risks, and breaches that don't "cost you" but end up benefiting others, like your competitors ending up with your customer list.
  • Perform routine "patch management" - all software, especially your operating system and popular applications like Office, Flash, Internet Explorer, etc., needs to be updated to fix problems found after the software was shipped.
  • Have a real firewall (not just a "NAT appliance") protecting you.
  • Educate your employees - especially about passwords, security issues and your expectations about their "at work" behavior (e.g., what surfing is allowed).
  • Centralize/standardize security settings
  • Develop a disaster recovery system that includes regular backups and archival operations. Backups and archives are different things and you should be familiar with (and using) both.
  • Use an anti-virus product. While they don't begin to protect you from everything (and are less useful than most people think), they do serve a purpose, and you should have an up-to-date system.
  • Consider upgrading to the newest versions of Windows and Office. Microsoft, since February 2002, has been devoting huge resources to finding and systematically "designing out" problems. The result is their newest software is remarkably more stable, reliable and safer than older versions. And in many cases, the new versions run faster too! But only a detailed analysis, considering your requirements and existing hardware, can tell if upgrading is worth the cost.

You can find more about these concepts at various places on the web, including an excellent series on Microsoft's Security site. Like many vendors, however, Microsoft has a stake in some of the items they suggest. We're happy to meet with business owners/managers and help you assess how this general checklist should apply to you.