The idea of do-it-yourself IT for a business owner might seem overwhelming. Realistically, unless the business owner has a background in technology or hires someone who does, taking on this aspect of the business may be foolhardy.
That said, by focusing on a few specific areas, proactive business owners can make their infrastructures safer.
PERIMETER: The perimeter is where the business network meets the World Wide Web. There is a reason the acronym is WWW ”” because it”™s a lot like the Wild Wild West! Yet while danger lurks everywhere, there is no lawman keeping the peace.
Businesses that demand higher security will require a firewall, but for the do-it-yourselfer the easiest and least expensive way to increase protection at the perimeter is with a better router, which can provide some basic protections for keeping your network safe. With a price tag of about $200, the best choice is the Linksys Smart Wi-Fi Router AC 1900 (WRT1900AC). It comes with a quick start guide and documentation on CD. The guided setup can get any novice up and running in under 15 minutes.
WIRELESS NETWORKS: Wireless networks are where most individuals are exposed and where even the most casual criminal can steal your identity. If you are setting up a wireless network and the Linksys Smart Wi-Fi Router AC 1900 above includes wireless, make sure you use WPA encryption with a passphrase that is hard to crack ”” do NOT keep the default that came with it! The WWW is filled with sites that will tell any would-be-criminal the default password.
PASSWORD POLICIES: Speaking of passwords, do you see your password in this list?
1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball
11. welcome
12. 1234567890
13. abc123
14. 111111
15. 1qaz2wsx
16. dragon
17. master
18. monkey
19. letmein
20. login
21. princess
22. qwertyuiop
23. solo
24. passw0rd
25. starwars
No, I”™m not psychic. A recent study of 2 million people published at Gizmodo identified these top 25 passwords. If someone can guess your password they can get to anything and everything you have access to. Any protection starts with making sure people use passwords that contain at least one capital letter, lowercase letter, special character and number. Moreover, they should be changed every 30 to 45 days.
USERS: Users are the most dangerous threat to your business”™ IT infrastructure. Not because they will intentionally do any harm (though there are some that might), but because they are human. Whether accidently deleting a file or opening a seemingly innocuous email that contains ransomware, users do the most harm and cost small businesses hundreds of millions of dollars a year.
While we can”™t get rid of users, we can train them. Additionally, you can set up a network that limits their access to only what they need to do their job.
WEBSITE: What”™s the first thing you do after you meet someone? You go online and search for them and go to their website to check out what they do. Today”™s website IS you ”” it represents who you are, what you do and is the first impression that you”™ll make.
To protect your site from being hacked, make sure your platform and scripts are up to date. Out-of-date platforms and scripts cause security holes that hackers exploit. They can replace your pages with their own, add content to your pages or redirect visitors to their site directly or with pop-up ads. Additionally, install security plug-ins if they are available for your platform, which will act as an “anti-virus” for your website. Finally, make sure your directory and file permissions are locked down. Tell your website developer that any files and directories that aren”™t for display are protected from prying eyes and hackers.
From physical wiring and servers to workstations, employees and websites, each business”™s infrastructure has a range of moving parts. By reviewing aspects involving perimeters, wireless networks, password policies and end users, you can make your technology more effective ”” and your business more protected.
Al Alper is CEO and founder of Absolute Logic, which provides technical support and technology consulting to businesses of up to 250 employees in Connecticut and New York. A national speaker on IT and security issues, he authored the book, “Revealed! The Secrets to Hiring the Right Computer Consultant.” He can be contacted at al.alper@absolutelogic.com or 203-936-6680.
