When it comes to protecting your technology assets from internet security
threats, it's best to think about policy before spending on internet security
products to thwart viruses, spam, spyware and other nonsanctioned intrusions
into computer systems.
One important piece of advice: Just because a company's small doesn't mean
it's immune to the most malicious threats. Indeed, by association, a poorly
protected entrepreneur could pose a threat to its larger customers. In contrast,
a well-secured company--no matter its size--could make a more attractive
business partner.
But where to start? Certainly, you'd do well to stay abreast of Microsoft's
frequent updates to the basic security underlying the Windows XP and Vista OSes
and Internet Explorer. But experts caution entrepreneurs to step back and
evaluate exactly what they're trying to protect before investing elsewhere.
For some companies, the priority will be safeguarding key data, such as
customer records or HR files that are now subject to various privacy
regulations. Other entrepreneurs may be more concerned with the loss of
productivity associated with the spread of a malicious e-mail virus or the time
their employees waste filtering spam from their inboxes each morning. Still
others are perplexed by spyware and malware, which are software programs that
monitor usage habits on and off the internet to collect potential marketing
information and can slow PCs down to a crawl.
"You need to understand what you're trying to protect and then mitigate the
risk against that," says Michelle Drolet, CEO and founder of Conqwest, a
security consulting firm in Framingham, Massachusetts, that generates a weekly
newsletter outlining new security threats.
One great resource for entrepreneurs is the website maintained by the SANS
Institute, which provides free educational resources about computer security.
You can also sample
policy documents covering practices for security audits, password usage, remote
access and using notebook computers, which can present a huge challenge to a
company's overall security profile. Entrepreneurs should also step back and
detail an "acceptable use" policy for their computers and internet connections,
outlining how employees should handle unknown e-mail attachments, when they can
use IM software or download files, the proper procedures for tapping your
internal network from a wireless connection and so on.
"Put it in writing so they understand what's right and what's wrong," Drolet
says. "Let them know the rules of engagement."
Once you've figured out what to protect, you need to assess where you're
vulnerable. That could mean hiring an outside company or buying software to scan
your PCs, e-mail servers and internet connections. Drolet says the costs of
biannual scans for a company running two servers could run about $400 (or $75 to
$100 per server, per scan), while basic desktop software, such as the Trend
Micro PC-cillin product line, can be purchased for about $50 to $60 per system.
Similarly, a firewall, which can thwart viruses or server hacking attempts,
doesn't have to be prohibitively expensive. For example, a 10-user edition of
the Juniper Networks NetScreen-5GT firewall including anti-virus software goes
for $940 (all prices street), plus an annual support fee of $62, which includes
a year's worth of AV updates, Drolet says.
And as more businesses adopt wireless networks, it could pay to consider
protection in this arena. Drolet says companies often overlook the dangers of
wireless access. She's seen cases, for example, where companies' servers have
been used on the sly to host websites. She recommends technology from Aruba
Networks, which goes for about $750 and protects your company's wireless network
by alerting you to rogue access points, thus thwarting unintended connections.
No matter what security approach you adopt today, however, it's important to
understand that your needs will evolve over time and you'll need to revisit your
policies to stay on your toes. Says Drolet, "It's about vigilance."