2. Perform Off-Site Backups
Small businesses have basically two approaches to choose from in doing backups: One is to copy critical data to a series of external hard drives and periodically rotate them from your office to a remote location (such as a bank safe deposit box). The other is to use one of a number of online backup service providers such as Box.net, Symantec Online Backup, Carbonite, or Mozy that offer low cost gigabyte-level storage. Big IT typically uses off-site tape storage because of the quantity of the data involved, but for smaller outfits, online services are less expensive and more convenient.
The trick with either method is to use them religiously, and to ensure that all of your data is copied on a regular basis. The online backup option could be especially handy in more than one way: Earlier this summer, Damian Zikakis, a Michigan-based headhunter, had his laptop stolen when someone broke into his offices. He replaced it a few days later; and because he had used Mozy, he thought that he was covered in terms of being able to bring back his files from the Internet backup.
When Zikakis had a moment to examine the layout of his new machine, he "found several incriminating files. The individuals who had my computer did not realize that the Mozy client was installed and running in the background. They had also used PhotoBooth to take pictures of themselves and had downloaded a cell phone bill that had their name on it," he says.
Zikakis did a bit of head hunting on his own and contacted the appropriate police department with this information. They were able to recover his computer, and now have the task of figuring out who actually took the laptop originally and what law enforcement options to pursue.
3. Use Hardware to Secure Your Internet Connection
SMBs often are not as attentive to the security of their Internet connection as they should be, and the results of such neglect could be disastrous. Last year, hackers compromised the point of sale system (POS) of clothing designer firm Nanette Lepore. The hackers managed to reconfigure the outdated firewalls and sold some stolen credit card numbers from the company's high-end clientele.
This happened because the company's chain of retail stores had little or no security measures or proper procedures. "All of our store clerks were using the same password to access the POS," says Jose Cruz, Nanette Lepore's network manager. "It was wide open. No one had ever thought to change passwords periodically, or even use different ones for each user. Prior to my arrival here, the emphasis on POS security wasn't urgent. Needless to say, this all changed."
Cruz got a call that no one ever wants to receive--from the FBI, telling him that several of their customers had received fraudulent credit card charges. This led to finding out that the company's Netopia DSL routers had been hacked, and their firmware had been changed to allow hackers inside their network.
The stores now use SonicWall integrated security devices, and Cruz has implemented password change policies and other security procedures to ensure that he won't get a repeat of what happened before. Such an approach can help an SMB keep private information secure. Another good policy: Ensure that all network access is turned off when an employee leaves the company.