Internet Security and Small Business (Aug 1, 2002)
You may be more important than you think

The other day we installed a firewall for a client who had just purchased a
high-speed Internet connection. Within the first few hours of installation and
applying their new IP address, almost 400 attempted intrusions to their
system were logged by their firewall. This was not unusual.

Many small businesses think that Internet security is not important because no
one is interested in them or that they have nothing anyone wants. This is
not true. As a matter of fact, small business systems are of special
interest to hackers and cyber criminals because they are usually less
security-conscious and are therefore much easier to penetrate than those of larger
corporations.

The most common method used to gain access to systems is the automated scanning
of IP addresses on DSL, ISDN, cable modem, and dial-up connections for
vulnerable software. With little or no security in place, intruders can easily penetrate
unprotected small business systems and piggyback on them to launch more
devastating blows to larger corporate or government systems. With each piggyback, the
electronic trail of the originating intruder becomes harder to trace and
therefore harder to prosecute.

The reasons someone might want to penetrate a system vary. Some hackers may
just be interested in the sport of it. Others may be after credit card or
other personal information for further gain. Disgruntled employees and
others may be interested in vandalizing data to destroy it entirely or make
it unreliable. Competitors may want to build intelligence based on the data.
And, worst of all possibilities, someone might want to do
irreparable harm to the systems we all depend upon for critical services.

Although many disagree about the readiness of terrorists to use the Internet for mass
devastation, there is no denying that the media
and government are paying more attention to cyberterrorism. In a recent FBI
statement to the Senate Select Committee, the FBI reported that “Cyberterrorism -
meaning the use of cyber tools to shut down critical national
infrastructures (such as energy, transportation, or government operations)
for the purpose of coercing or intimidating a government or civilian
population - is clearly an emerging threat.” Various trade associations
and government agencies are urging the public and private sectors to share
information about attempted security breaches so that cybercrime of all
types can be reduced.

According to a recent survey by CIO Magazine, many more security breaches occur than are
reported. Many business owners and CEOs feel that publicizing an attack
invites more attacks. Some companies feel that they risk
loss of customer trust by admitting they have had security breaches. Another
reason is that, without the proper security in place, many businesses
do not know they are being hacked, especially if the intruder is only
looking around and not doing physical damage to the data.

Systems with high-speed Internet connections, web servers, or email servers, or that
enable remote access, present potential risks for attack regardless of the size of your company.
Often small businesses are quick to install a firewall and virus protection
but don't realize that they are still vulnerable. Without an internal
security policy, proper identification of all reasonable vulnerabilities and
a method of dealing with the new security holes and breaches, companies will
continue to have security problems whether they know it or not.

Although no system is 100 percent secure, it is important that you know where you are
vulnerable and develop a comprehensive security policy that protects your
digital information and systems up to an acceptable level of risk. An IT
consultant who is knowledgeable about security can help you with this
process. For more information on security, see the resources below.

Security Resources

SANS Institute Resources
Resources from the SANS (System Administration, Networking and Security) Institute.

SANS Institute Reading Room
Articles from the SANS (System Administration, Networking and Security) Institute. (Sign up - it's FREE.)

Information Security Magazine
Security News, Insight, Analysis.

CIO Magazine Security and Privacy Research Center
On-line news and article resource on Security. See cio.com for information on all IT subjects.

Computerworld Security Knowledge Center
IT information source on Security. See computerworld.com for information on all IT subjects.

NIPC (National Infrastructure Protection Center)
NIPC brings together representatives from U.S. government agencies, state and local governments,
and the private sector in a partnership to protect U.S. critical infrastructures.

Written by Brenda Zinck, Vice-President at Zinck Computer Group