Monday, December 8, 2008

10 Essential Information Security Strategies to reduce Technology Risks for Small Business


Julius Clark

  1. Consider these basic measures to secure your business's desktop and laptop computers:
    • Install a software firewall, or enable and configure the one built into your operating system.
    • Install an antivirus program, set it to update automatically, and scan often. Installing an anti-malware/anti-spyware program as well is a good idea.
  2. Keep up with patching for your operating system and all installed software applications.
  3. Secure your desktop login with a password that is difficult to guess or to crack with a password-cracking program, and never share it. Changing it regularly (every 90 days) offers more protection.
  4. Consider the following basic measures to secure your wireless network, protect the computers behind it, and lower the risk of being hacked:
    • Change the default settings on your wireless router.
    • Enable the hardware firewall features on your wireless router. This rejects unsolicited requests for information coming from the internet and blocks unauthorized traffic.
    • Enable built-in encryption (WPA2 recommended) on your wireless router. Follow the guidance in step 3 to create a strong passphrase, and keep it secret.
    • Disable your wireless router from broadcasting its network name (SSID). This prevents your network from appearing in the list of available access points on nearby computers.
  5. Store your laptop securely and out of sight when not in use. If you can't take it with you, lock it in your car trunk. If your vehicle doesn't have a trunk, don't try to hide it under a seat; just take it with you. Remember that the data on your laptop is far more valuable than the hardware.
  6. Consider using encryption technology to protect your confidential data.
    • Use software that encrypts the entire laptop hard drive if you store credit card or social security numbers, health records, or any other confidential/sensitive information. A secret key is required to decrypt the hard drive before the laptop will boot, so its contents cannot be accessed without it; even if the hard drive is removed and placed in another device, the data remains protected from unauthorized access. Note that full-disk encryption protects the contents of your computer only before start-up: once you log in with the secret key, or while the laptop is in sleep or suspended mode, the data is accessible. Completely log off and shut down your laptop for the protection to be engaged again.
    • Encrypt your email communications if you transmit confidential information over the internet.
    • Use an encrypted flash drive that requires you to authenticate before its files can be accessed.
  7. Routinely back up your most critical data onto a flash/thumb drive and keep it offsite. If managing offsite media regularly is not practical, consider using an online data backup service. If any of your files are lost through deletion, hard drive failure, or a lost/stolen laptop, the data can be restored over the internet onto another computer once you provide the correct credentials.
  8. Set up a password to log in to your mobile phone, in case the phone is lost or stolen. This can prevent another person from accessing its contents.
  9. GPS or car navigation units should not be preset with the addresses of your business, your home, or the locations where your children or parents are.
  10. Implement security awareness practices for your business:
    • Create an information security policy that employees are expected to follow.
    • Become knowledgeable about the federal and state regulations and laws pertaining to your industry regarding the safeguarding of confidential records.
    • Be wary of individuals asking suspicious questions over the phone or in person about the technology your business uses. The information an attacker gains could be used to figure out a way to compromise your data/network assets.
    • Be conscious of your surroundings at airports, cyber cafes, etc. Individuals can use a social engineering technique called "shoulder surfing" to steal your user IDs and passwords. If possible, sit with your back to a wall so you have a clear view of everyone in front of you, and consider purchasing a laptop privacy filter/screen.
    • Shred confidential information before throwing it in the trash.
    • If you suspect that criminal activity has occurred involving your business computers or internet activity, report it to law enforcement immediately.
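To show what the wireless settings in item 4 look like on a router you configure by hand, here is an added example (not from the original post) in the format of a hostapd.conf for a Linux-based access point; the interface name, network name and passphrase are placeholders, and the firewall bullet is handled elsewhere on the router, not in this file.

```ini
# Added illustration: hostapd.conf fragments for a Linux-based access point.
# Interface, SSID and passphrase are placeholders, not real values.

# ==== Weak configuration (what a router often ships with) ====
# interface=wlan0
# ssid=linksys              # vendor default network name left in place
# hw_mode=g
# channel=6
# wpa=1                     # WPA1/TKIP only; no 'wpa=' line at all means an open network
# wpa_key_mgmt=WPA-PSK
# wpa_pairwise=TKIP
# wpa_passphrase=password   # trivially guessable

# ==== Hardened configuration matching item 4 ====
interface=wlan0
ssid=EXAMPLE-BUSINESS-NET               # changed from the vendor default
hw_mode=g
channel=6
ignore_broadcast_ssid=1                 # do not advertise the network name (last bullet of item 4);
                                        # this only deters casual discovery, WPA2 does the real work
wpa=2                                   # WPA2 only; do not accept WPA1/TKIP clients
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP                       # AES-CCMP encryption for WPA2
wpa_passphrase=CHANGE-ME-to-a-long-random-passphrase   # long, random, kept secret (see item 3)
```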

Finally, if you are not computer savvy enough to implement these security strategies yourself, contact a qualified Information Security consultant.

"There is a world of difference between a certified computer technician and a certified information security professional."

Julius Clark, MBA, CISSP, CISA

Information Security Professional

Nice & Intelligent Business Solutions



  1. That is a serious list. I saw 3 or 4 things that I need to get to for my own laptop and wireless router...


  2. This list should be required reading for everyone who uses a computer. As an additional thought, be sure to back up your data on a daily basis. It's easy to do: just sign up with an established online data backup service for nightly backups to a secure off-site data center. Be sure the service includes military-grade encryption during transmission and while stored, and a private encryption key. More tips at www.safeguardprogram.com.

  3. If any small business or person who has a home office follows these guidelines, they will substantially lower the risk of data loss or getting hacked. -- Julius

  4. As for wireless, adjust the signal strength to ensure the signal cannot be attained in the parking lot. Go outside and test with your laptop to see if you can access your wireless network.

  5. Provide employees with some basic security awareness training during orientation, along with an annual refresher course. Acquaint them with security policies/standards and best practices to protect the company's data:
    - password management
    - clean desk policy
    - think before you click
    - how to handle an incident
    - physical security


