I want to take some time to discuss the importance and affordability of securing your company's network and data. Most SMBs I come across are not doing enough to protect themselves against the myriad dangers threatening their organization. Criminals are casting an ever-widening net over electronic targets, and now, more than ever, it is essential that you perform some due diligence as the operator of a small organization.

Some basic stats on 2011, according to Verizon's 2012 Data Breach Investigations Report:

  1. 850 data breaches
  2. The financial sector suffered the most incidents
  3. Financial gain appears to be the main motivation
  4. The share of data breaches originating from external threats increased from about 80% to 92%
  5. Desktops, laptops, and point-of-sale terminals made up the bulk of compromised end-user devices
  6. 60% of incidents were detected months or years after the fact
  7. The majority of incidents had a point of origin in Europe, the Middle East, and Asia
  8. Most data breaches are avoidable

If you are like most organizations, you most likely store not only data critical to the operation of your own business, but also personal and business data belonging to other organizations and your customers: credit card numbers, social security numbers, accounts and passwords, confidential correspondence, and medical records. If your organization is in the financial, medical, or legal sector, you have the added responsibility of safeguarding this information in accordance with local, state, and federal laws.

Your number one priority as the IT decision maker of an organization should be limiting the attack vectors a would-be attacker could use to compromise your systems. In collaboration with your outsourced IT department, you should consider implementing at least a basic level of security, which should include:

  1. Regularly updated antivirus from a reputable vendor
  2. The most current antivirus engine from the vendor you use
  3. A firewall (server-based or network appliance) to close all unnecessary ports
  4. Spam filtering
  5. Complex, unique passwords, changed on a regular basis
  6. Preventative, regular sweeps for malware
  7. Regularly updated antivirus on file servers
  8. Secured network appliances
  9. Proper configuration and physical location of network appliances
  10. Physical security of network appliances, servers, and workstations

Additionally, users should be mandated to:

  1. Securely dispose of PCs and media
  2. Use the agreed-upon password complexity
  3. Follow a separation of duties
  4. Attend some form of user education and awareness training, whether via newsletter or in a training seminar
  5. Report suspicious activity

With the proper policies and procedures in place, your organization will be better prepared to exercise due care and due diligence in protecting your data and your customers' data. Considering how much benefit your organization derives from computing, the cost of implementing the most basic forms of security is relatively low. Contact your IT provider to discuss your preparedness for a data breach.