We all know what security means when we think of our home. Did we lock the door when we left for the day? Is the stove turned off? Computer security for the small to medium business (SMB) must address similar concerns. Can a hacker gain access to its servers? How can a business protect its data?

Entry Points

A personal computer virus is a hidden software program that spreads from personal computer to computer. Infection comes from reading an e-mail that has a virus program as an attachment, or from visiting a web site that has been compromised. By visiting such a web site, the virus can be unknowingly downloaded onto the personal computer.

Another scenario is when criminal hacker viruses attack the servers that house business systems, including e-mail servers, while others attach to the computer networking infrastructure.

One of the most common types of viruses uses a business’s system to send out spam (the business’s system becomes the surrogate sender of e-mails, which typically include advertising e-mails pertaining to medications, sex, and the like). Another common type of virus is oriented toward gaining confidential data.

Legal Responsibilities

Virus protection is a legal responsibility. A business that allows viruses to emanate from its site or from the laptops supplied to its employees may be sued for consequential damage. Insurance companies offer some protection to an organization that implements a full security program.

What To Do

Install the appropriate antivirus software. The software works by recognizing the code in the virus’s program that is to be executed, and stops it dead. Two well-known antivirus software products for the desktop and the enterprise are Symantec (http://www.symantec.com) and McAfee (http://mcafee.com). Both offer excellent products and services that address a business’s network, the server, and the desktop.

Usually the purpose of a virus attack to a business system is to obtain confidential data, such as customer and credit card information. Recently, two businesses of note were hacked into even though due diligence was practiced: TJMax and Hannaford Brothers, each having 4 million credit cardholders.

What must an SMB do to protect itself and its clients? Here are a few pointers:

• Personal laptops must have an antivirus installed on them, which is kept current through regular updates.

• A business’s servers must be protected from server-based viruses:
  • Database systems must have access control mechanisms in place.
  • Confidential data must be stored encrypted.
  • Web servers must be protected.

• Firewalls must be installed on network servers, and servers must be configured to block open, unprotected ports. (A port is similar to an apartment doorway in an apartment building.)

• Surveillance by network administrators must be performed. Detected viruses should be met with immediate remedial action, and a log should be kept of such occurrences.

• Match the rules imposed by financial institutions. Use public key encryption to transfer files to and from business partners.

Network servers are an area usually overlooked and left unguarded by the small business, although these servers are relatively easy to protect. Again, companies like Symantec (http://www.symantec.com), Juniper Networks (http://www.juniper.net), and Cisco (http://www.cisco.com) provide the protection software products and services to keep the front door locked.

Further information is available on the vendor showcase of our web site at http://www.vendor-showcase.com/