Thursday, November 19, 2009

Small Business Network Security


Many small businesses today use computers and network servers to facilitate their operations. Company Information Important are stored in electronic format on these networks, and daily operations are dependent on the network being both available and secure. In many cases, these small businesses ignore or are unaware of the risks that could compromise data security. To better understand these issues, two hundred of these small businesses were interviewed about their . Companies ranged from those of ten or fewer employees, those who have more than one hundred staff.

More than half of survey respondents believe their network is sufficiently strong or very secure. Many respondents did not admit that they doubted their defenses against an attack. It is not too surprising, since almost all companies have experienced some type of security threat in the last year, lost computers or back-up takes, hacker attacks, viruses, or theft by employees.

The three threats reported were:

1) Trojan horse or virus attack
2) the lost or stolen computers, including devices for data storage
3) Employee theft or Hacker Attack

Defenses Company reported include:

1) Protection against viruses
2) Firewall
3) Protection against spyware
4) Spam Filters

Recommendations:

Most companies have said they do not have a smart password policy, the automated patch management and use policies of the network employee. In general, many of these companies are not fully protected against an attack, and have not yet had to put their defenses to the test.

There is no single fix to ensure continued security operations on a network. However, we recommend a layered approach in managing these threats to security emergencies. This phased approach examines vulnerability in different areas: hardware, software, processes and training. Each layer has added another level of environmental protection information.

1) Blocking network against attacks
2) Blocking host attacks
3) Eliminating vulnerability
4) Supporting authorized users safely
5) tools to maximize efficiency and minimize losses

To ensure continuity of your business operations, regular monitoring of these security measures is necessary.

Overall level of safety:

More than half of respondents said they believed that their network is secure enough or better. 30% of the remainder thought their network was only slightly blocked, and over 10% confided that their network was not sure it should be.

These small businesses tend to believe that their network is relatively secure: 63% of firms with fewer than ten employees and almost 75% of those with between eleven and twenty-five members of staff. Large companies are not as sure of their defenses, with more than half of those with fifty to one hundred and 44% of people over a hundred employees felt secure or secure enough. In the fifty-one to a hundred staff category, over 20% said that the network was not as secure as could be. In general, the larger the company, the larger the network - and the number of security risks it must defend against.

Experienced Threats:

Respondents reported on security breaches or attacks they had experienced during the last year. The survey showed that Trojan horses or virus attacks are the most common threat to network with about half reporting experiences with these issues now. Businesses higher at 40%, the lowest rate, which is indicative of better defenses. Over 60% of smaller businesses reported virus attacks.

Loss of company information against theft or loss of storage devices seems to be a minor threat for smaller companies, but this risk increases with firm size. Over 33% of large firms reported such experiences. Attacks by pirates have been the most frequently encountered by companies with fewer than ten employees and those with over a hundred. It seems that smaller networks are more vulnerable and the most important are high profile, with a greater chance of becoming a target. Unfortunately, staff members can create a security risk themselves; about 10% of companies reported they had experienced unauthorized access or theft in a timely manner.

Devices and procedures:

Proper procedures, processes and systems can help defend against security threats. In the survey, respondents were asked which security methods were in use. Most said they had virus protection and firewalls. Approximately 25% lacked spam filters and spyware removal, leaving networks open to malware which ranges from annoying to dangerous. Less than 50% have patch management or a smart password policy in place. This smart password system uses passwords with a mixture of normal and special characters that are frequently changed.

Compared to larger companies surveyed, smaller businesses are less often implementing policies to use the network for employees. Over 80% of large companies have established guidelines for proper use and improper network. These guidelines attempt to lower the amount of network activity unrelated to the activity, which result in increased security risks. Many respondents use wireless networks. Wireless networks are few access points most vulnerable if not properly secured. Only a few companies reported that they use all top-priority security measures listed in the survey.

Testing:

No safety device or feature may be known to provide a real defense until it was tested. Anti-virus specifications could be out of date, a hole can exist within a firewall, or staff may not be using the correct practices for a secure and safe. Approximately 25% of respondents indicated that either she could not remember the last time they tested their security, or did not know they ever had. This suggests that although many have adopted security defenses, they can be assured that the expected protection is actually provided.

Very small firms less often tested their security measures. Approximately 10% of businesses had tested security, but not for over a year. The threats change over time, dangerous failures can occur without periodic testing. Some 33% of respondents said they had tested their security measures in the last month. Validation of network elements of security on a regular basis is important for the integrity of the system comprehensive business continuity plan. It is unfortunate that a company generally looks only to its level of exposure after a damaging event which negatively affects the company.

By David Mcgharthy

No comments:

Post a Comment