Tips for safer computing

What can the average SMB do to safeguard their data as they increase their usage of computers, networks and the Internet?

It isn't as safe to store your corporate information on your computer these days as it used to be. The good news, however, is that security is not always a complex issue. With the right approach, securing corporate data and networks is often simpler than you can imagine.

Companies today face a host of security challenges on a daily basis. This includes the ever-growing threat of malicious hackers, viruses, spyware and, of course, spam. Network security adds to the challenge as the growing mobile workforce demands constant access to confidential corporate data and applications from remote locations.

So what can the average small and medium-sized businesses (SMBs) do to be safe and stay secure as they increase their usage of computers, networks and, of course, the Internet?

Well, the first thing to note is that internal--not external--threats pose the greatest risks to a company's network. Some statistics show a staggering 80 percent of IT crimes originate internally.

Internal security threats are typically caused by people within the company. For example, a contractor, a disgruntled employee, or an employee who has been recently terminated.

Security can also be threatened simply by employees opening a virus-infected e-mail. An internal attack can range from file and data snooping, deleting valuable information, sharing private data with others, and so on. External security threats originate from outside sources and range from Web site defacement and attacks that target the business; nasty viruses and worms that tunnel their way into any network and destroy or alter data; and applications that monopolize systems.

Internal security threats are typically caused by people within the company.

Any security approach should, therefore, effectively address security at all levels of the business-- from people to processes. Here's a look at the different types of security:

Physical security
Keep computers locked down and safe from physical theft. The most basic level of security, physical security includes a variety of external and internal locks, cables, clamps and brackets that protect equipment from being stolen or removed. These include innovative solutions like Solenoid hood locks that make the chassis lockable through a password. For medium-sized to large companies, thin clients (computing devices which do not have a hard drive and display data and applications from remotely located servers or blade PCs) are another solution to this thorny problem as they allow expensive computer components and key data to remain safe in one location. Thin clients in general are inexpensive to replace compared to notebooks, and stolen thin clients become useless to thieves because the clients cannot run without their integrated servers.

Data security
Data security is all about restricting access to the people who need it. Co-workers should not be able to access each other's files unless they are given explicit permission to do so. Smaller companies with only a single piece of equipment (such as a workstation, or a small pool of notebooks for the occasional traveller) for employees to share should create separate user accounts for any system that will be used by more than one person.

It's the data that needs protecting. Some notebooks also feature technology like HP DriveLock that prevents the hard drive from working unless the user enters the right password. That means a thief can't just access the data by plugging the hard drive into another machine--rather a password is required to use the hard disk and, more importantly, the data on it. An encrypted password combined with a smart card based solution offer double protection for mobile devices in the event of theft.

Application and operating system security
The operating system and applications are often the most important part of the computing environment. Therefore, a good starting point are security products that offer enhanced user-level firewall safety, antivirus, e-mail protection, live updates to the virus definitions database, and intrusion protection.

It's the data that needs protecting.

Many PC vendors today bundle antivirus software with their offerings, and SMBs only need to ensure that the virus definitions are kept up to date. On the application side, companies can also consider single sign-on technology that allows users to bypass the hassle of remembering multiple passwords, simplifying management while ensuring the password is protected. This will also help protect the integrity of the system at its most basic level.

Network security
For SMBs that are growing rapidly, networked systems are fast becoming a must-have. But how can the network be protected?

For a start, install network firewalls, intrusion detection and prevention systems, and Web and content filtering technologies to protect office workers as they access the Internet.

There are also different ways for employees to identify themselves, including embedded hardware chips and smart cards that combine both a physical element like a smart card that an employee keeps with a password only the employee knows.

Solutions like HP Virus Throttling software are another example of a new breed of technologies that simplify the protection and management of security for SMBs. These deliver protection, monitoring and improved security from unknown worm-type virus attacks by watching for suspicious behavior and delaying connection requests from infected servers to slow the spread of potential virus infections.

This reduces network congestion significantly, lowering the risk of denial of service (DoS) issues. The best part of it is that virus throttling technology detects the generic behaviour of a virus without requiring knowledge of the particular virus.

Security management
Assess the overall vulnerability of your IT infrastructure, and manage patches and updates carefully. Software often ships with bugs or glitches that could compromise your security. By consolidating the way vulnerability assessment and patch management is managed, SMBs avoid the problems of software breaking down or being compromised needlessly. Regular patch updates and single easy to use management interfaces also offer peace of mind.

Security services
Vendors today offer a variety of solutions--from totally outsourced to managed service options that allow companies to store their data on tapes, in servers and in remote locations. HP Smart Management Desktop Service, for example, is a simple way to keep desktops protected and valuable data safe, for less than US$20 per month per client. This provides data backup and restore capabilities with enhanced security features and hassle-free computer virus protection for networked desktops, notebooks and workstations.

Philip Lee is the solution pogram manager for Commercial Accounts & Small and Medium Businesses at HP Asia-Pacific.