The Three Ps of Security: Policies, Policing and Personal Responsibility

By Ken Seitz

In the aftermath of high-profile data breaches at major companies such as ChoicePoint, Bank of America and Lexis-Nexis, small business owners are left to wonder how they can possibly protect their own sensitive data when major corporations with huge IT budgets can't.

Part of the problem is the intangible nature of data security. While guarding a door or manning a checkpoint is readily understandable, data security is difficult to comprehend and more complicated to address. Indeed, it's often tough to determine what constitutes enough protection until a situation arises, and by then the damage is done.

To put IT security at a tangible level, it helps to develop and follow a well-conceived security policy. Unfortunately, most companies approach security from a much less strategic standpoint. Either no such policy exists or, if it does, it's not consistently followed.

The first step in establishing successful security policies is to develop an understanding of exactly what data needs to be protected and what's at stake if it is lost or compromised.

Here are some typical questions: If crucial accounting data is lost, can it be restored? Do you have a backup and, if so, what is the recovery time for restoring information? If customer data is exposed, what are the potential ramifications? For example, a credit card processing company may market itself as a secure caretaker of data. If it loses or exposes customer information, the slip will cost a great deal in lost business, damaged consumer confidence and potential lawsuits.

Armed with an understanding of what needs to be done and what is at stake, companies must consider ways the data can be accessed. Is it readily accessible from the Internet, or is it on a back-end system that employees alone can reach? Are proper limits placed on what those employees can and can't access?

Employee access is a critical issue. While the common belief is that hackers are the most serious threat to data security, the biggest danger actually comes from inside a company. It could be a simple mistake (such as an employee saving information to the wrong area of the network) or an intentional action (such as browsing network drives where confidential information is stored or copying client lists).

Another vulnerability comes from adware and spyware that infect company computers. Although these programs are not destroying data, they are adversely impacting the machines themselves. It's difficult to be sure how dangerous this software is. So far, it appears that these programs are not doing much more than tracking Internet movements or attempting to hijack browsers. That doesn't mean, however, that they can't become dangerous or destructive.

Adware and internal espionage aside, a final risk factor comes from those who fail to take security seriously. A company's security strategies need to start at the top. Owners and managers must maintain the highest levels of access to the most valuable company information.

Unfortunately, that's often not the case. For example, members of a management team frequently exclude themselves from strict password policies, either avoiding lengthy or complicated passwords or not changing them frequently. Consider the business owner who has used the family pet's name as a password for years. An unauthorized user who can guess that can gain access to sensitive client information, revenue figures, payroll and other sensitive data.

Ken Seitz is Chief Information Officer for Tampa-based E Solutions Corporation.