- Special Sections
- Public Notices
Many business owners fear computer data breaches, but they don’t know where to start protecting themselves from information-highway robbers. Some wonder why they should spend money on sophisticated security systems when hackers can get around them. But a business doesn’t have to spend a fortune to introduce basic IT security measures that can significantly reduce its vulnerability.
Know the enemy
Small-business owners assume hackers only seek big money from big businesses. But hackers like small ventures because most have minimal security. Hackers likewise prey on business travelers who use unprotected mobile phones and electronic devices to send sensitive information.
Hackers often extract information about a business through employees, making regular training about basic IT security practices essential. Hackers know companies have lots of software running on computers that are not patched and updated and are vulnerable to the malware or keystroke logging programs hackers use to steal account information. And weak passwords are easy for cyberthieves to break.
How to be more secure
A business owner should first identify what data or intellectual property is most important to protect based on the potential impact of its loss or corruption. To begin protecting it, he should:
Strengthen passwords: People often use the same simple password on multiple sites because it’s hard to keep track of dozens of them. The free program Password Safe (http://passwordsafe.sourceforge.net/) offers a way to store, generate and manage passwords.
Use encryption programs: Businesses that use Dropbox, Google or other Internet services should consider getting SpiderOak (https://spideroak.com/), a free online backup, synch and sharing program that encrypts, or scrambles, the data on a computer before it’s uploaded to the Internet. It works with Windows, Mac and Linux operating systems.
Monitor computer logs: A company’s firewall, server or router generates logs that require regular monitoring to detect early signs of suspicious activity. A time-crunched business can hire a managed service provider to keep watch and perform regular patching, or it can purchase log management software packages.
Encrypt files sent by email: Sensitive documents sent via email can expose a business to hacking. AxCrypt (http://axantum.com/axcrypt/) is a free, open-source product that works with Windows to allow email attachments to be sent in encrypted format. The email recipient needs to know the passphrase to open the file, and this should never be sent by email.
Attend the IT Security Summit New Mexico: On May 3, Santa Fe Community College hosts a conference where anyone from IT and information assurance professionals to business professionals and entrepreneurs can learn about the latest computer security trends and share remediation strategies. Experts in research, business, academia, law enforcement and government will address cyberthreats, and a panel discussion called “Virtualization Strategies: A Security Perspective” features chief information officers and IT security professionals from the University of New Mexico, private industry and Los Alamos National Laboratory discussing the security implications of server consolidation projects.
The conference is sponsored by the New Mexico Technology Council (NMTC) and the state chapters of the Information Systems Audit and Control Association (ISACA) and the Information Systems Security Association (ISSA). Space is limited; register at http://fbcinc.com/itssnm.
Finance New Mexico is a public service initiative to assist individuals and businesses with obtaining skills and funding resources for their business or idea. To learn more, go to www.FinanceNewMexico.org.