Simple Answers for Businesses Concerned About System Security.
Are you responsible for a store or other small business, and security, keeping you up at night? Let’s get you some rest.
In this article, we will talk to the common business owner about why computer security is needed, and offer solutions to achieve complete system security. This article is for non-technical beginners and individuals who own or operate businesses and is an introduction to security.
Warning: This document range is only on computer systems, and not the larger topic of system security. Please see Computer vs System Security for more information.
Warning: This article advocates for a measured, prepared approach to computer security that may not stop all threats. We make no guarantees, apart from security is never guaranteed. Buy insurance and follow all rules and regulations.
Why Should I Care About Security?
Compromising your business security can risk the future of your company. It can lead to embarrassing news coverage and a blemished reputation that can risk your customer’s trust in you. The information and loss of privacy can not only affect you, but also your customers. Not that we want to ignore the fact that lawsuits are expensive.
Understanding the Problem
As a security consultant, I’m frequently asked if a system is secure. The truth is, no. Given an unlimited number of resources, any system is vulnerable. Therefore, you must wonder how do I sleep?
Well, I sleep extremely well because I know how to prevent most attacks. I know it takes a team to succeed. And yes, I come with backup.
How to Know You’re at Risk
Here’s a simple comparison to know if you face a threat.
Secure = Cost of Compromise > Gain of Compromise
Or in layman’s terms:
Security comes from removing the bad guy’s profits.
What this says is that you probably have a low risk of security, unless you present a large financial reward to any hacker.
Recommended Solutions
Let’s start with our top recommendation: Perform a security audit. Why?
The only way to improve the security of your systems is to have a qualified security professional carry out a security audit. This is important if your business is controlling resources that have significant value.
Because, this is a great method for businesses to analyze, and potentially eliminate, the risk they face without breaking the bank. Getting a system analyst to audit the systems you deploy can drastically drop your risk. And the documentation produced can lead to a better solution that specifically targets your unique business needs and risks. This can be coupled with insurance that can further protect you and your organization from any remaining financial risk you face.
Computer vs. System Security
Our document is focused on Computer Security, not system security. Unfortunately, computer security alone won’t make your business secure, and you would ignore one of the biggest threats.
Imagine getting a call. You pick up the phone, and the sound of static greets you. The employee on the other end identified themselves, but is barely audible. He briefly explains that hell is breaking loose, the password and username at the office will fix all his problems. Except, it’s not who you think they are.
It’s harder to address the problems of “Social Engineering.” These attacks pray on our weakness and attack what we don’t think about.
The solutions to this problem can be a bit more complex. Our policies, procedures, and training must work in harmony to ensure people make the right choices.
Information system security experts, like Proper Programming, can help analyze your processes and find these issues.
First Steps
First, relax. Take a deep breath. The solution to computer security is actually easy. Increase the difficulty, or decrease the reward, and put the hackers into the red.
We can do this easiest by doing these five things:
Keep software upgraded and maintained.
Use and require password managers from all your employees.
Always use cloud backups, as well as occasional local backups for your resources and data.
Perform regular security audits.
Get insurance.
From our experience, most small businesses are not performing these simple tasks, leaving them at an increased chance of loss.
Warning: All financial, custom development, and out-of-date systems should receive regular security audits and updates.
Documentation
Our research shows that the impact documentation can have on the cost and security of your systems is profound. Please consider requiring it at every step in your development process. Don’t forget, but insist on it. It’s the biggest thing you can do to ensure your business success.
Our experience shows us that you’re not documenting enough to reap the benefits. Yes, chances are you can save time and money by documenting more.
What’s Next?
There is more to do, so here is some more in-depth information on the topic.
Threats and Responses
Bad Passwords!
These attacks deploy programs that use lists of non-strong passwords, or known password/username combinations, on various types of systems.
Password Manager
A password manager prevents this type of attack by allowing you to remember a single password. This gives you access to a library of unique, strong passwords that you don’t need to remember.
Captcha
Captcha can also reduce the effectiveness of this, but can’t be deployed on all systems.
Out of Date Software!
The first most common threat faced by businesses is a type of attack that uses known security flaws to compromise systems that do not get upgraded.
Update Your Software
Yep, simply turn on that auto-update, and the risk goes away. Be careful, a single out-of-date computer can provide access to your entire network.
Maintain Custom Software
Custom software needs to be maintained to be secured. Otherwise, it risks bugs developing as its ecosystem updates.
Denial of Service Attacks!
Another threat that is more complicated to deal with is the denial of service attacks. These attacks bombard your systems to overwhelm them, thus shutting them down.
Due to the resources required, they are not as often seen. Except in rare cases of harassment, most won’t face this threat.
Preparation
The best defense is preparation. Talk to your service providers and plan.
What you need to know:
What will happen to the cost of your infrastructure?
Will you be notified?
Is your hosting going to shut down your accounts?
Are you going to automatically block suspicious traffic?
Proper Infrastructure
Content Delivery Networks are some of the best ways to secure yourself from this attack. They will respond to many attacks in a cost-effective way and can notify you if you are attacked, and can respond immediately.
Vulnerable Custom Software!
Vulnerable software contains occurs when a developer makes common mistakes. It’s difficult to prevent, and is more difficult to exploit.
Perform Security Audits
Review the code you have, and perform security audits.
Make sure your software developers understand what these risks are. Hire experienced developers to oversee them, and ensure all software is reviewed.
Remove Custom Software
The cost of custom software can be great. Use of publicly available software that is maintained by many can reduce the cost. In some situations, publishing software as open source can also reduce your cost.
A few options are typically available on the free market for someone looking to hire professionals. Their are small firms and freelancers, who provide security optimization services. Here’s a quick hint, support the people who wrote the article! We’re here for all of your computer needs.
Summary
Our goal for this article has been to inform the business owner of the risks they face. We strive to provide guidance, assurances, and advice that should not excessively burden your business.
If you have any questions or wish to get a free security assessment, please contact us, so we can get you back to sleep.
Disclaimer: In security and this article there is no certainty, only precautions. We encourage you to take appropriate steps tailored to your business to reduce your risk. We can’t offer, imply, or state any warranties or guarantees. Please consider purchasing insurances that can protect your investments.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
CONSENT
2 years
YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
VISITOR_INFO1_LIVE
5 months 27 days
A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC
session
YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
