IT security - staying safe online and on the road

Tuesday 3 January, 2012

By Duncan Heaney - duncan@consumerchoices.co.uk

We take a look at some common IT security threats and help you understand what you need to create a solid line of defence.

Computers and the Internet are all but essential in business today. They help you keep in touch with customers, communicate with colleagues, research important information to help your business, and unwind after a busy day by watching videos of people falling over. But all that convenience comes at a cost - common threats that can disrupt your business or worse.

In this guide, we’ll look at some of the most common IT security issues small businesses face, and help you set up your first line of defence against them.

Viruses and spyware

Viruses are programs that piggyback on other software running on a computer. When you start that program, the virus starts up too. The functions of each virus are different - some are designed to attack computer systems and cause irreparable damage, some attempt to transmit sensitive information back to their creators, and others are just intended to be a nuisance. As the name suggests, many viruses can reproduce themselves, and target other programs running on the system.

There are millions of different types of viruses, with new ones being created every day. However, there are three basic categories you might encounter: Trojan horses, worms and email viruses.

As the name implies, Trojan Horses are malicious programs that appear to be innocent. As a result, these viruses are very easy to install on your computer without realising it. The worst thing about this type of program is they let you use your computer as normal, while behind the scenes giving criminals access to your systems. Some Trojans are even capable of tracking your keyboard presses, so can capture passwords and send them back on to fraudsters via the internet.

Worms are designed to attack and damage computer networks. This type of virus exploits vulnerabilities in software to infect computer systems, self-replicating and spreading through networks and email systems, damaging IT infrastructure in the process. Like Trojan horses, many worms are also capable of giving undesirables backdoor access to the personal data stored on computers.

Email viruses cause the same trouble as worms and Trojan horses, but specifically attack email systems. These nasty little programs forward themselves to contacts in your email address book via an email attachment. If the recipient opens the file, the virus installs, damaging systems and revealing security flaws. And, of course, it will spread again via the email system.

To protect against viruses, you need to ensure your computers have anti virus software, firewalls, and are kept bang up to date with the latest versions.

Install anti virus software

It doesn’t matter if you’re in an office with a network of PCs, or a sole trader with a single computer - if you’re using IT, you need to install anti virus software. Anti virus applications constantly scan your systems for infections. It will check emails, files as they are opened and, at scheduled intervals, scan all files for potential infections.

If it detects a known virus, the anti virus solution can take measures to contain the problem, from quarantining files to stop the virus spreading, or removing the malicious code outright.

An anti virus package isn’t an option - it’s a necessity. Going online without protection is like going out with your house doors and windows wide open. It’s a massive security risk, so don’t do it!

Install anti spyware software

Spyware is similar to a virus in that it sneaks onto your computer and you don’t want it, but there are some differences. Spyware doesn’t self-replicate but it can still be extremely annoying. Some spyware is used, as the name implies, to spy on you. It will scan your hard disk for sensitive information like credit card details, for example. Another form of spyware tries to drive you towards websites by dropping new icons on your desktop, activating pop-up adverts, or changing your search page.

Anti spyware applications work much in the same ways as anti virus software, scanning your hard drive for unwanted programs and removing them where possible. Anti spyware is included in most integrated security suites, but there are also plenty of standalone programs available, including AdAware, Microsoft Windows Defender and Spyware Blaster.

Activate a firewall

A firewall protects you from numerous online threats, and is compulsory for any business that uses computers that can go online. The internet is essentially a big public network of connected computers. A firewall puts a barrier up between your computer and the rest of the internet, blocking many threats, such as hackers and some viruses.

A firewall alone isn’t nearly enough security - it can be bypassed. But it’s an essential first line of defence. Windows XP, Windows Vista and Windows 7 have built-in firewalls, but more secure and sophisticated options are available for free, including Comodo Internet Security and Outpost Firewall Free. Bear in mind that these can be quite technical - it’s easier for most people to get an integrated solution with anti virus, anti spyware and firewall all included.

Make sure you update everything

You know when you get Microsoft Windows, Adobe Flash and other software pop-up messages asking you to install updates? Annoying isn’t it? Even so, you shouldn’t ignore these requests - new viruses are emerging all the time, taking advantage of previously unknown vulnerabilities in legitimate programs.

Companies update their products to plug these gaps in security, so to be as secure as possible, you need to stay up to date. It’s particularly important to update your operating system. Let your computers keep on top of things themselves, by enabling automatic updates. That way, you’ll never need to worry about forgetting.

Get an integrated security suite

The easiest way to protect your computers against online threats is to use an integrated online security suite. These software packages contain anti virus, anti spyware, firewalls and other security features and let you manage everything from one interface.

There are lots of different packages available, and they can be fairly expensive, so it’s worth shopping around to find the one that’s right for you. Some of our recommendations include Symantec EndPoint Protection Small Business Edition, McAfee Total Protection for Secure Business, and Sophos Security Suite Small Business Edition.

It’s important to note that, despite your best efforts, you’re never 100 % protected from viruses and other types of malware. But if you have adequate protection, surf sensibly and exercise common sense you should be fine.

Portable problems

The rise of portable devices - laptops, tablet computers and memory sticks, for example - means that you can keep working, even if you’re not in the office. It’s liberating, but like anything portability has its downsides. Where you and I say “portable”, others less diligent (and dashingly handsome) might say “easy to lose.” And a few nefarious types might mutter “easy to steal”. While meeting in a dark alley in the midst of a thunderstorm presumably.

It’s vital to understand that when you take sensitive information, such as customers’ addresses or credit card information, out of the office, you’re putting it at risk. Whether it’s stored on a laptop, tablet computer or a USB memory stick, it’s your responsibility to ensure the safety of your customer information. It’s a responsibility you can’t afford to shirk because the consequences of losing this data can be disastrous. The damage to your reputation alone could take years to recover from - after all, no business can survive without its customers’ trust. You could also be at risk of legal action and a sizable fine from the powers that be.

Encrypt your data

Fortunately, the danger can be lessened dramatically by encrypting sensitive data.

Encryption converts data into code, unreadable by anybody that isn’t authorised to read it. There are many different types of encryption and the more bits used, the stronger it will be. So, 128-bit encryption is stronger than 64-bit encryption, for example. The stronger the encryption is, the harder it will be for someone without a legitimate decryption key to hack and decipher the code. While the strongest codes are extremely difficult to crack - some would say near impossible - simpler methods can be potentially broken by someone with a computer, the right software and a bit of time on their hands.

Managing encryption can be quite technical and, as such, rather daunting. But software is available to make it easier. Some operating systems have built-in encryption tools. Microsoft’s Vista and Windows 7, for example, have BitLocker, a tool that largely automates the encryption process. Newer versions of the tool even let you encrypt files when you put them on a portable device.

Another option is to install dedicated encryption software. Some is available online for free, but most commercial packages are relatively inexpensive, have easy-to-learn interfaces, and the companies behind them will have lots of resources available to help you make sure your files are secure.

Some examples of encryption software are TrueCrypt, SecureZIP, and Steganos Safe.

Backup and Recovery

Sometimes disaster strikes. It could be something as simple as a computer or server breaking, as irritating as a virus wreaking havoc or as dramatic as a fire or flood damaging the office IT equipment. Whatever the problem, you should make sure you’re protecting your most important data. And that means ensuring it’s backed up somewhere safe, so that should catastrophe occur, you can restore it and get back to work.

You can approach data backup in a number of ways, depending on the size of your business and budget. For some small businesses or sole traders, it’s enough to save critical data onto a CD or DVD (encrypted of course) and store it off site.

Companies that use servers may want to invest in a backup solution. Online-based backup services are one cost-effective way to protect data. Your important information will be stored at an external data centre and, provided you choose a reputable company, fully encrypted and highly secure. The advantage of this is that there’s no maintenance your end - it will all be handled by the company you choose to work with. The downside is you need a lot of bandwidth, and you’re trusting your data to another company. Not everyone’s comfortable with that.

Alternatively, you can back up to an external server or onto tape. It isn’t the fastest system, but tape-based backup is proven and reliable. It’s up to you how often you backup data - the end of each week or the end of each day are both common. Different tapes should be used each day and they should be stored off site to ensure they’re not caught up in whatever disaster befalls the office.