Business Data Security
make trouble even for sophisticated attackers. The biggest threat on the Internet is ignorance and the fact that most computer users do not take even basic precautions. Safely navigating large cities requires street-sense and awareness; the Internet is no different. As our world changes, businesses that become street-smart will have a competitive advantage over those that do not.
Although I provide links to examples of products or technologies, I steer clear of providing steps to accomplish tasks, use products, or secure particular types of systems (such as tightening down a Windows XP™ computer or using encryption in Microsoft Outlook™). Technology changes rapidly and my goal here is to teach concepts that are independent of particular products. Specific technical solutions are best handled by IT staff for larger businesses or technology-specific howtos for SOHO professionals.
This article is targeted at small to medium-sized business owners. Much material applies to Small Office/Home Office (SOHO) users, particularly background information, basic security strategies, and much of the discussion on desktop and communications security. SOHO readers who are not connected with or do not work within a larger organization will find that discussions of policy, management, and organization, as well as network architecture and services, will not directly apply to them and will likely skip or skim those sections. Owners or managers of larger businesses will find that discussions of security plans here are necessarily simplified. Medium to large organizations have complex and varied networks with legacy technologies and layers of existing policy which cannot be treated in one document. In these cases, the glossary and bibliography will help you to find other sources of information. Given the concepts presented here and the help of competent specialists, it is hoped that a manager can learn what they need to know about their own system to manage it effectively.
The information presented here is extensive; do not try to absorb it all at once and do not expect to change your business overnight. Take it in steps. I recommend reading through once at a high level to absorb the contents and skim the detail. Then start through again. I have worked to provide extensive references, links, and a glossary. Focus on the parts that are most important to your business, explore the references and talk to your IT people. If you find that your IT staff or consultants will not work with you, get new ones. Try to learn and improve something each week. The end goal is to turn the Internet from an unknown source of risk to something which can be understood and capitalized on.
"Real World" Risks
The goal of security is not to combat risk for its own sake, but to maximize business opportunity.
Outside of cyberspace, your business must balance risks in order to remain profitable. When you see business opportunities, you identify risks, determine how likely they are, how much damage they may cause, what may be done to lower or avoid the risks, and, ultimately, whether the opportunities are worthwhile. Sometimes outside experts, such as lawyers, market experts, or insurance agents, are consulted to assess the risks or suggest ways to protect the business. Sometimes the business must change the way it operates to avoid liability or comply with regulations. In any case, the overriding goal is never to combat risk for its own sake but rather to maximize opportunity and create a successful business.
Buildings are required to have basic safety features such as lighted exit signs. In some locations it is forbidden to use a corded vacuum cleaner during business hours in an area with pedestrian traffic. In other