Should I Worry About My Computer Security?

Simple Answers for Businesses Concerned About System Security.

Are you responsible for a store or other small business, and security, keeping you up at night? Let’s get you some rest.

In this article, we will talk to the common business owner about why computer security’s needed, and offer solutions to achieve complete system security. This article is for non-technical beginners and individuals who own or operate businesses and is an introduction to security.

Warning: This document range is only on computer systems, and not the larger topic of system security. Please see Computer vs System Security for more information.

Warning: This article advocates for a measured, prepared approach to computer security that may not stop all threats. We make no guarantees, apart from security is never guaranteed. Buy insurance and follow all rules and regulations.

Why Should I Care About Security?

Compromising your business security can risk the future of your company. It can lead to embarrassing news coverage and a blemished reputation that can risk your customer’s trust in you. The information and loss of privacy can not only affect you, but also your customers. Not that we want to ignore the fact that lawsuits are expensive.

Understanding the Problem

As a security consultant, I’m frequently asked if a system is secure. The truth is, no. Given an unlimited number of resources, any system is vulnerable. Therefore, you must wonder how do I sleep?

Well, I sleep extremely well because I know how to prevent most attacks. I know it takes a team to succeed. And yes, I come with backup.

How to Know You’re at Risk

Here’s a simple comparison to know if you face a threat.

Secure = Cost of Compromise > Gain of Compromise

Or in layman’s terms:

Security comes from removing the bad guy’s profits.

What this says is that you probably have a low risk of security, unless you present a large financial reward to any hacker.

Recommended Solutions

Let’s start with our top recommendation: Perform a security audit. Why?

The only way to improve the security of your systems is to have a qualified security professional carry out a security audit. This is important if your business is controlling resources that have significant value.

Because, this is a great method for businesses to analyze, and potentially eliminate, the risk they face without breaking the bank. Getting a system analyst to audit the systems you deploy can drastically drop your risk. And the documentation produced can lead to a better solution that specifically targets your unique business needs and risks. They can couple this with insurance that can further protect you and your organization from any remaining financial risk you face.

Computer vs. System Security

We focus our document on Computer Security, not system security. Unfortunately, computer security alone won’t make your business secure, and you would ignore one of the biggest threats.

Imagine getting a call. You pick up the phone, and the sound of static greets you. The employee on the other end identified themselves, but is barely audible. He briefly explains that hell is breaking loose, the password and username at the office will fix all his problems. Except, it’s not who you think they are.

It’s harder to address the problems of “Social Engineering.” These attacks pray on our weakness and attack what we don’t think about.

The solutions to this problem can be a bit more complex. Our policies, procedures, and training must work in harmony to ensure people make the right choices.

Information system security experts, like Proper Programming, can help analyze your processes and find these issues.

First Steps

First, relax. Take a deep breath. The solution to computer security is actually easy. Increase the difficulty, or decrease the reward, and put the hackers into the red.

We can do this easiest by doing these five things:

  1. Keep software upgraded and maintained.
  2. Use and require password managers from all your employees.
  3. Always use cloud backups, as well as occasional local backups for your resources and data.
  4. Perform regular security audits.
  5. Get insurance.

From our experience, most small businesses are not performing these simple tasks, leaving them at an increased chance of loss.

Warning: All financial, custom development, and out-of-date systems should receive regular security audits and updates.

Documentation

Our research shows that the impact documentation can have on the cost and security of your systems is profound. Please consider requiring it at every step in your development process. Don’t forget, but insist on it. It’s the biggest thing you can do to ensure your business success.

Our experience shows us you’re probably not documenting enough to reap the benefits. Yes, chances are you can save time and money by documenting more.

What’s Next?

There is more to do, so here is some more in-depth information on the topic.

Threats and Responses

Bad Passwords!

These attacks deploy programs that use lists of non-strong passwords, or known password/username combinations, on various types of systems.

Password Manager

A password manager prevents this type of attack by allowing you to remember a single password. This gives you access to a library of unique, strong passwords that you don’t need to remember.

Captcha

Captcha can also reduce the effectiveness of this, but can’t be deployed on all systems.


Out of Date Software!

The first most common threat faced by businesses is a type of attack that uses known security flaws to compromise systems that do not get upgraded.

Update Your Software

Yep, simply turn on that auto-update, and the risk goes away. Be careful, a single out-of-date computer can provide access to your entire network.

Maintain Custom Software

Custom software needs to be maintained to be secured. Otherwise, it risks bugs developing as its ecosystem updates.


Denial of Service Attacks!

Another threat that is more complicated to deal with is the denial of service attacks. These attacks bombard your systems to overwhelm them, thus shutting them down.

Due to the resources required, they are not as often seen. Except in rare cases of harassment, most won’t face this threat.

Preparation

The best defense is preparation. Talk to your service providers and plan.

What you need to know:

  • What will happen to the cost of your infrastructure?
  • Will you be notified?
  • Is your hosting going to shut down your accounts?
  • Are you going to automatically block suspicious traffic?
Proper Infrastructure

Content Delivery Networks are some of the best ways to secure yourself from this attack. They will respond to many attacks in a cost-effective way and can notify you if you are attacked, and can respond immediately.

Vulnerable
Custom Software!

Vulnerable software contains occurs when a developer makes common mistakes. It’s difficult to prevent, and is more difficult to exploit.

Perform Security Audits

Review the code you have, and perform security audits.

Read More

Hire Competent Staff

Make sure your software developers understand what these risks are. Hire experienced developers to oversee them, and ensure all software is reviewed.

Remove Custom Software

The cost of custom software can be great. Use of publicly available software that is maintained by many can reduce the cost. In some situations, publishing software as open source can also reduce your cost.

Who Can Help?

We can! Contact us now!

Who else?

A few options are typically available on the free market for someone looking to hire professionals. Their are small firms and freelancers, who provide security optimization services. Here’s a quick hint, support the people who wrote the article! We’re here for all of your computer needs.

Summary

Our goal for this article has been to inform the business owner of the risks they face. We strive to provide guidance, assurances, and advice that should not excessively burden your business.

If you have questions or wish to get a free security assessment, please contact us, so we can get you back to sleep.

Disclaimer: In security and this article there is no certainty, only precautions. We encourage you to take steps tailored to your business to reduce your risk. We can’t offer, imply, or state any warranties or guarantees. Please consider purchasing insurances that can protect your investments.