It’s not a matter of if, but when. You might think that as a small business owner, your company is not a target for malicious hackers or attacks, but this couldn’t be farther from the truth. Size doesn’t matter when it comes to maintaining business continuity in light of security threats – both natural and man-made – anyone and everyone is susceptible. Think about what kind of information you could lose from various business security threats – years worth of tax records, confidential employee information including Social Security numbers, signed customer contracts and customer contact records, just to start.When an eight person law firm in Miami was hit by Hurricane Ike in 2008, it was forced to close its doors after a decade of being in business. Everything they had was destroyed and irretrievable. Although this was a natural disaster, the business owner could have taken some relatively easy and cost effective precautions to ensure his business was safe from common small business security threats. Fortunately, for today’s small business owners, there are many software applications available that are adept at maintaining business continuity. These applications are easily accessible and simple to implement, making your business safer in case the unthinkable should occur.The Keys to Maintaining Business ContinuityI see many small businesses make the same common mistakes when it comes to securing their data and maintaining business continuity; I’ve listed them (below) in an effort to help companies protect themselves from business security threats. Most companies I talk to believe they are secure, when in fact, they are unmistakably vulnerable.Mistake #1: “My data is secure; I’ve got it backed up on-premise.”Let’s say you are fortunate enough to have a security system, a fire detection system and are part of a secured office park with security personnel roaming the grounds 24/7. Just because your premises are secured doesn’t mean your records are safe from business security threats. In fact, it’s the opposite. Many businesses commonly make the mistake of backing up files only on-premise or back-up on premise and remove discs or tapes manually on a regularly scheduled interval (ex. once per month). The smartest solution to combating business security threats is to have all your data saved and stored in an off-premise data center. By having your data backed up off-site, you ensure the safety of all your important files and you get the added benefit of being able to access important files from any Internet connected computer (with the right security authentication of course!)Like in the earlier example of the law firm affected by Hurricane Ike, if it had stored all of its files off-premise in a hosted data center, the employees would have been able to save all of the files, retrieve and reinstate them and gotten the business back up with minimal interruption. Backing up to an external hard drive or NAS (Network Attached Storage) device is critical to maintaining business continuity and preventing data loss due to hardware failures. However, small businesses commonly face fires, floods, thefts, and other business security threats that require backups to be off site. Make sure your business has a secure backup solution in place to allow data to be stored off-site. These solutions are relatively inexpensive in terms of maintaining business continuity, especially considering the alternative.Mistake #2:”I just bought a new PC, so I’ve already got the latest and greatest security software loaded.”You may be thinking to yourself “I already have all the security I need.” Yes, Microsoft Windows does have a firewall feature guarding against common business security threats, but these off-the-shelf components aren’t nearly enough to support the needs of a company. Ideally, small businesses should employ the same “defense in depth” strategy large enterprises use to secure their internal networks. PCs should have their software firewalls enabled and properly configured, and have a firewall router on the network’s edge to provide a second layer of defense against business security threats. This way, if a PC’s firewall is not configured properly, there is still a layer of protection between the computer and Internet threats. By selecting a managed firewall application, small businesses will shield themselves from critical network threats, block unnecessary Internet traffic, and restrict applications used on your network. This type of security product is a necessity for protecting small business networks from malicious Internet threats and maintaining business continuity.Mistake #3:”I installed new security protection software in the past couple years or so.”As you may know, many laptops and desktops come with pre-installed free trials of a brand name security offering, although this will keep your desktop secure for a brief time, many small businesses commonly make the mistake of letting this software expire and forgetting to update it. In order to protect your desktops and laptops from online business security threats, you must install a secure desktop solution to protect PCs from viruses, spyware, and other Internet-borne attacks. Sold as a bundle as part of many communications and IT services, secure desktop applications have no expiration dates to keep track of. The best part of this software application is that updates are automatic, which means there are no more software upgrades to install–reducing the cost of IT management. Maintaining business continuity is easy–just secure your desktop as soon as you can!Mistake #4: “I have to update my browser and operating system (OS) security patches myself, and I just don’t have the time.”Small businesses can easily be taken advantage of due to low security on their browsers and operating systems, but these types of business security threats can be easily avoided with automatic security patch updates. Many small businesses take the burden of updating their PCs with the latest software versions on themselves, but OS security can be easily automated, which makes maintaining business continuity a breeze. Yes, small businesses should ensure the updates take place and check in on them regularly, but today’s technology helps alleviate some of the time it takes to manage the situation.By avoiding these common culprits of business security threats, companies can protect one of their most precious assets – data and files. Most businesses will face many threats in their lifecycle. Learn from the mistakes others have made and take these steps towards maintaining your business continuity.
One of the greatest game-changing innovations of this decade is cloud computing. The shift away from pure on-premises applications and data storage is already well underway, with consumers, small and midsize businesses, and even large enterprises putting applications and data into the cloud. The ever-present question however, is whether it is safe to do so. Cloud computing security is by far the biggest concern among those considering the technology. And if you’re an IT manager, it’s good to be paranoid. Losses from cybercrime and attack can be enormous, and the 2008 CSI Computer Crime and Security Survey show an overall average annual loss of just under $300,000.It may seem like a leap of faith to put your valuable data and applications in the cloud, and to trust cloud computing security to a third party. Yet faith is not a part of the equation, nor should it be. Every enterprise needs to know that its data and applications are secure, and the question of cloud computing security must be addressed.In fact, the cloud does have several security advantages. According to NIST, these cloud computing security advantages include:o Shifting public data to a external cloud reduces the exposure of the internal sensitive data
o Cloud homogeneity makes security auditing/testing simpler
o Clouds enable automated security management
o Redundancy / Disaster RecoveryAll four points are well taken. Cloud providers naturally tend to include rigorous cloud computing security as part of their business models, often more than an individual user would do. In this respect, it’s not just a matter of cloud computing providers deploying better security, the point is, rather, that they deploy the precautions that individual companies should, but often don’t.A common security model
Most application providers impose some level of security with their applications, although when cloud application providers implement their own proprietary approaches to cloud computing security, concerns arise over international privacy laws, exposure of data to foreign entities, stovepipe approaches to authentication and role-based access, and leaks in multi-tenant architectures. These security concerns have slowed the adoption of cloud computing technology, although it need not pose a problem.The very nature of a cloud platform is that it imposes an instance of common software elements that can be used by developers to “bolt on” to their applications without having to write them from scratch. This advantage is especially useful in the area of security. The cloud “platform as a service” brings an elegant solution to the security problem by implementing a standard security model to manage user authentication and authorization, role-based access, secure storage, multi-tenancy, and privacy policies. Consequently, any SaaS application that runs on the common platform would immediately benefit from the platform’s standardized and robust security model.Superior physical security through cloud computing provider
Lack of physical security is the cause of an enormous amount of loss, and insider attacks account for a surprisingly large percentage of loss. And while the specter of black hats hacking into your network from a third world country is very much real, very often, the “black hat” is in reality a trusted employee. It’s the guy from the Accounting department who you have lunch with. It’s the lady who brings you coffee in the morning and always remembers that you like two sugars. It’s the recent college grad with so much potential, who did such a great job on that last report.Of course, insiders can attack your network and data regardless of where it is located, given enough incentive and information, but physical proximity of the actual hardware and data makes it much easier to gain access, and cloud data centers tend to have better internal physical security protocols, including locked rooms, regulated access, and other protections against physical theft and tampering.Conclusion: Superior security through the cloud
Besides physical security, technical security is of the utmost importance. Hosting your own servers and applications requires extra measures. A larger organization may need to deploy dedicated IT staff to security only. Cloud computing, on the other hand, builds cloud computing security directly into the cloud platform. While the company still must maintain in-house security in any case, the provider ensures that the applications and data are safe from attack.We tend to think that retaining control over everything is inherently more secure, when this is not the case. Smaller companies especially may lack the skilled security staff in-house, and even larger firms often just don’t have the resources to dedicate to implementing rigorous security on an ongoing basis. A cloud computing provider on the other hand, which offers a detailed service level agreement and retains skilled security staff in-house, will often provide superior security when compared with the in-house alternative.