Simple Answers for Businesses Concerned About System Security.
Are you responsible for a store or other small business, and is security keeping you up at night? Let’s get you some rest.
In this article, we will talk to the common business owner about why computer security is needed, and offer solutions to achieve complete system security. This article is for non-technical beginners and individuals who own or operate businesses and is an introduction to security.
Warning: This document covers only computer systems, not the larger topic of system security. Please see Computer vs. System Security for more information.
Warning: This article advocates for a measured, prepared approach to computer security that may not stop all threats. We make no guarantees, apart from this: security is never guaranteed. Buy insurance and follow all rules and regulations.
Why Should I Care About Security?
A compromise of your business’s security can put the future of your company at risk. It can lead to embarrassing news coverage and a blemished reputation that puts your customers’ trust in you at risk. The loss of information and privacy affects not only you, but also your customers. And let’s not ignore the fact that lawsuits are expensive.
Understanding the Problem
As a security consultant, I’m frequently asked if a system is secure. The truth is, no. Given an unlimited number of resources, any system is vulnerable. Therefore, you must wonder: how do I sleep?
Well, I sleep extremely well because I know how to prevent most attacks. I know it takes a team to succeed. And yes, I come with backup.
How to Know You’re at Risk
Here’s a simple comparison to know if you face a threat.
Secure = Cost of Compromise > Gain of Compromise
Or in layman’s terms:
Security comes from removing the bad guy’s profits.
What this says is that you probably face a low security risk, unless you present a large financial reward to a hacker.
Let’s start with our top recommendation: Perform a security audit. Why?
The only way to improve the security of your systems is to have a qualified security professional carry out a security audit. This is important if your business is controlling resources that have significant value.
An audit is a great way for businesses to analyze, and potentially eliminate, the risk they face without breaking the bank. Getting a systems analyst to audit the systems you deploy can drastically reduce your risk. The documentation produced can lead to a better solution that specifically targets your unique business needs and risks. This can be coupled with insurance that further protects you and your organization from any remaining financial risk.
Computer vs. System Security
This document focuses on computer security, not system security. Unfortunately, computer security alone won’t make your business secure, and relying on it alone would ignore one of the biggest threats.
Imagine getting a call. You pick up the phone, and the sound of static greets you. The employee on the other end identifies themselves, but is barely audible. They briefly explain that all hell is breaking loose, and that the username and password at the office will fix all their problems. Except the caller is not who you think they are.
The problems of “social engineering” are harder to address. These attacks prey on our weaknesses and target what we don’t think about.
The solutions to this problem can be a bit more complex. Our policies, procedures, and training must work in harmony to ensure people make the right choices.
Information system security experts, like Proper Programming, can help analyze your processes and find these issues.
First, relax. Take a deep breath. The solution to computer security is actually easy. Increase the difficulty, or decrease the reward, and put the hackers into the red.
The easiest way to do this is with these five things:
- Keep software upgraded and maintained.
- Use password managers, and require all your employees to use them.
- Always use cloud backups, as well as occasional local backups for your resources and data.
- Perform regular security audits.
- Get insurance.
In our experience, most small businesses are not performing these simple tasks, leaving them with an increased chance of loss.
Warning: All financial systems, custom-developed systems, and out-of-date systems should receive regular security audits and updates.
Our research shows that documentation can have a profound impact on the cost and security of your systems. Please consider requiring it at every step in your development process. Don’t forget it; insist on it. It’s the biggest thing you can do to ensure your business’s success.
Our experience shows us that you’re not documenting enough to reap the benefits. Yes, chances are you can save time and money by documenting more.
There is more to do, so here is some more in-depth information on the topic.
Threats and Responses
Password-guessing attacks deploy programs that try lists of weak passwords, or known username/password combinations, on various types of systems.
A password manager prevents this type of attack by allowing you to remember a single password. This gives you access to a library of unique, strong passwords that you don’t need to remember.
A CAPTCHA can also reduce the effectiveness of these attacks, but it can’t be deployed on all systems.
Out of Date Software!
The most common threat faced by businesses is a type of attack that uses known security flaws to compromise systems that have not been upgraded.
Update Your Software
Yep, simply turn on that auto-update, and the risk goes away. Be careful: a single out-of-date computer can provide access to your entire network.
Maintain Custom Software
Custom software needs to be maintained to be secured. Otherwise, it risks bugs developing as its ecosystem updates.
Denial of Service Attacks!
Another threat, and one that is more complicated to deal with, is the denial-of-service attack. These attacks bombard your systems to overwhelm them, thus shutting them down.
Because of the resources they require, these attacks are seen less often. Except in rare cases of harassment, most businesses won’t face this threat.
The best defense is preparation. Talk to your service providers and plan.
What you need to know:
- What will happen to the cost of your infrastructure?
- Will you be notified?
- Is your hosting going to shut down your accounts?
- Are you going to automatically block suspicious traffic?
Content Delivery Networks are some of the best ways to protect yourself from this attack. They can respond to many attacks immediately and cost-effectively, and can notify you if you are attacked.
Vulnerable software results when a developer makes common mistakes. It’s difficult to prevent, and is more difficult to exploit.
Perform Security Audits
Review the code you have, and perform security audits.
Hire Competent Staff
Make sure your software developers understand what these risks are. Hire experienced developers to oversee them, and ensure all software is reviewed.
Remove Custom Software
The cost of custom software can be great. Use of publicly available software that is maintained by many can reduce the cost. In some situations, publishing software as open source can also reduce your cost.
Who Can Help?
We can! Contact us now!
A few options are typically available on the free market for someone looking to hire professionals. There are small firms and freelancers who provide security optimization services. Here’s a quick hint: support the people who wrote the article! We’re here for all of your computer needs.
Our goal for this article has been to inform the business owner of the risks they face. We strive to provide guidance, assurances, and advice that should not excessively burden your business.
If you have any questions or wish to get a free security assessment, please contact us, so we can get you back to sleep.
Disclaimer: In security, and in this article, there is no certainty, only precautions. We encourage you to take appropriate steps tailored to your business to reduce your risk. We can’t offer, imply, or state any warranties or guarantees. Please consider purchasing insurance that can protect your investments.