Computer Security 101

It's a jungle out on the Internet, with any number of cyberpredators salivating at the prospect of mauling your records. Here's how to stop them

By Karen E. Klein

The names sound silly -- mydoom, netsky, and bagle are among the current crop -- but Internet viruses are nothing to laugh at, as millions of victims have discovered over the past few months. With increasing numbers of small-business owners upgrading their technology and moving key aspects of their operations online, many are learning the hard way about the need to keep a sharp eye for e-mail viruses, worms, and the like.

If your business uses e-mail -- and these days, whose outfit doesn't? -- the first and most simple precaution is to watch for suspicious subject lines ("thanks" "test" and "hi"), and also to be very cautious about e-mail file attachments, which may be infected with viruses that will replicate within your system if you open them.


  Be careful also about e-mail sent to you with an attachment and a subject line that says something like "undeliverable mail" or "returned to sender." This is a common virus-writers' ploy, along with e-mail "spoofing," which involves a virus being sent out under your company or individual e-mail address, even though you had nothing to do with it. If your curious, this happens when automated virus programs find your address somewhere on the Web and co-opt it to do their dirty work.

In order to help guard your computer system from cyber vandals and their insidious tools, the Better Business Bureau suggests taking the following security measures:

• Install antivirus protection software on all computers and scan regularly for viruses. Be very careful about disabling antivirus software or neglecting to reenable it, thus leaving yourself open to attack. Check frequently with your software provider for virus updates, and sign up for automatic updates.

• Equip your computer system with firewalls, which can be purchased at just about any computer store. Firewalls foil infiltrators by shutting out unauthorized users and allowing others to visit only those areas they are authorized to access. Firewalls should be installed at every point where the computer system comes in contact with other networks. Check with your Internet service provider (ISP) to make sure it has anti-intruder filters in place.

• Regularly download and install security patches. Most software vendors release updates and patches to correct software flaws that might allow an attacker to enter your computer. Some software outfits have automated patching features that perform these tasks for you, so look for them to make the job easier.

• Back up your computer data on a regular basis, at least weekly. This will help to minimise the damage caused by both viruses and system malfunctions, which could destroy such invaluable information as customer accounts, financial records, and contacts. Small amounts of information can be backed up on removable disks and larger volumes on CDs. If you have networked your business computers, save copies to another computer. Make sure employees know how important it is to do weekly backups of all important data.

• Be aware of file-sharing risks. Your computer operating system may allow other computers on a network, including those who access it via the Internet, to tap the hard drive and share files. This can lead to virus invasions, even competitors being able to look at the files on your computer. Unless you really need this function, turn off the file-sharing options. At the very least, do not share access to your computer with strangers!

• Educate your employees. Develop and enforce a companywide computer and physical security policy. Employees should be instructed not to open e-mail from unknown sources, to disconnect from the Internet when not online, and to consider long and hard the risks of file-sharing. Teach them how to react to suspicious e-mails, and drum home the most fundamental message of them all: When in doubt, delete! Brief employees and managers on new security threats and corrective measures and encourage them to bring anything suspicious to a supervisor's attention.

• If your business relies on proprietary information and trade secrets, consider purchasing encryption software. That way, even if an intruder manages to break through a firewall, the data on a network will be safe. You can purchase stand-alone encryption packages to work with individual applications, in addition to the good encryption software that is in the public domain.

Karen E. Klein is a Los Angeles-based writer who covers entrepreneurship and small-business issues.

Before it's here, it's on the Bloomberg Terminal.