Friday, July 22, 2011

Security, computer style, small business

Wall St Journal reports that hackers are having a field day hacking small business computer systems. Smaller operations lack a big well trained IT department dedicated to keeping hackers out.
For small business men, I offer the following advice to keep your business information confidential. Worry about the security of plans and drawings, the CAD files that control the making of your product. And the software, both source code and executable that make the product run. Email, customer lists, human resources material such as employee reviews, and especially payroll. You don't want your competitor hiring away your best people, and going after your customers.
Remember that Windows computers have no security, any high school kid can break in and do anything he likes, tracelessly. Windows computers connected to the internet are even more vulnerable. An unpatched Windows computer will be infected by a virus within 10 minutes of connecting it to the net.
In light of this, step one means don't keep anything on a Windows computer that you don't absolutely have to have there. Let ADP do your payroll on their machines. Back the plans, drawings and software up to CD's and store them in file cabinets. Review all those reports each department makes and keeps, with an eye to weeding out the deadwood and backing up the historical stuff. If you ever get sued or investigated it's stuff from your files they will use to hang you. Less is better.
Don't allow dialup connections to your company machines. A dialup user is most likely a hacker.
Disconnect from the network all machines that don't absolutely have to have live internet access. Those dedicated machines down in production that burn proms, and test product don't need to be on the internet.
Brief your people that anything they put in email is public, just as if they posted it on the cafeteria bulletin board. Discussion of issues of interest to your competitors should be down face to face, not by email.
There are no silver bullets, your company computer network is vulnerable. Your only chance is to remove stuff you don't want your competitors to see.

No comments: