As small businesses have become increasingly reliant on computers and networks, the threats to their security have also grown. Small businesses are often challenged to secure their systems as they have limited resources. Over 40% of small businesses using the internet for more than email will be successfully attacked by the end of 2005, with over half not even realizing it. Security threats to businesses can come in many forms, including hacker intrusions, viruses, spyware, and more, which can potentially cause data loss, theft of information, and bankruptcy. It is important for small businesses to take basic steps to protect their computers and networks such as keeping software updated, using firewalls and antivirus software, and practicing safe email and internet habits.

1. Safeguarding Your Business
As the adoption and reliance on computers, networks and broadband
Internet connectivity grows with small and medium-sized businesses, so
does the threat against security. Small businesses represent 99% of all U.S.
companies and employ more than half the American workforce according
to the Small Business Administration. Because these businesses have
become extremely reliant on their computers, software and networks for
daily operations, they are often challenged with securing these systems that
have become an integral part of their business.
It’s a popular and somewhat dangerous belief that those wishing to breach
corporate computer security overlook small businesses. Because small
business owners push network security issues down the priority list in favor
of more pressing matters, their businesses may be more vulnerable because
they don't have resources to adequately protect themselves against attacks.
In fact, the Gartner Group claims that by the end of 2005, more than 40%
of small businesses that use the Internet for more than email will be
successfully attacked and more than half of the businesses attacked will not
even know it.
What Are the Threats?
Security threats can come in a number of forms including an outright
intrusion by a hacker, operating system vulnerabilities, computer viruses or
spyware. The range of damage from any of these threats can be from a
mere annoyance to data loss or theft of critical personal or business
information—any of which can lead to distraction, lost productivity or
worse, destruction. Some of the more popular security threats include:
• Security holes or vulnerabilities are “bugs” in operating systems and
software applications that can be exploited by hackers. When
vulnerabilities are discovered, hackers often develop exploits or
programs that use the vulnerability to penetrate or disable a computer
or a whole network.
• Direct attacks can be from a disgruntled worker, an unhappy
customer, a competitor or a curious hacker trying to penetrate your
business network.
• Viruses can do damage to a computer system and often spread over
email contact lists and more recently over instant messaging networks,
by disguising themselves as legitimate attachments. Users activate the
code unknowingly, infecting their system or network with the virus,
which often uses the victim’s address book to email themselves to other
users. Viruses can range from merely annoying to extremely
destructive and can be costly. Discounting costs associated with
potential litigation and fines from credit card fraud, a business can also find itself bankrupt!
According to industry expert Symantec, “93% of companies that lost their data for ten days filed for
bankruptcy with one year...”.
• Worms are similar to viruses and much more common. Unlike viruses, which infect programs and
files, worms do not attach themselves to any other software and are self-sustained. One of the most
Twelve Tips for Keeping your
Computers and Networks Secure
1) Perhaps one of the most important
ingredients of a secure network is
awareness. Familiarize yourself
with various security threats.
2) Update your operating systems and
computer software regularly.
3) Purchase antivirus software to
protect your computer from viruses,
worms and Trojans.
4) Install an Internet firewall to prevent
unauthorized Internet traffic from
entering or leaving your computer.
5) Install spam blockers to minimize
unwanted email content.
6) Purchase anti-spyware software to
prevent the transmission of personal
information from your computer.
7) Practice safe emailing and
downloading. Most email viruses
and spyware are spread by opening
infected files. Never open a file
unless you recognize the sender or
are expecting the file.
8) Make regular back-ups of data. Plan
ahead; don’t wait until disaster
strikes to think about backing up
documents, e-mails and other
valuable business data.
9) Create secure and original
passwords. This will ensure privacy
and security.
10) Don’t share computer, email or
network passwords with co-workers
or friends.
11) Turn off your computer when not in
use. The security of your computer
cannot be breeched if the computer
is powered off or if it is
disconnected from the network.
12) Block non-work-related websites,
use of instant messaging and file
sharing programs.

2. infamous worms was “My.Doom”, which, along with its variants, caused several billion dollars worth
of damage to businesses, ISPs, and home users.
• Trojan horses are software programs that capture passwords and other personal information, and
which can also allow an unauthorized remote user to gain access to the system where the Trojan is
installed.
• Spam is not officially defined as a security threat, but it can seriously damage productivity and
represents a potential risk due to the current rise of malicious software
delivered by spam messages. One example of business threatening spam is
“phishing” , a method used to acquire personal information such as
passwords, bank account and credit card numbers and more through
sophisticated email messages that claim to have come from a specific
provider (eBay or PayPal for example) and appear quite authentic to the
unsuspecting recipient.
• Spyware are malicious programs sometimes found in freeware or
shareware software, as well as in file sharing clients. They can take a toll on
system and network performance and send user data to the spyware authors.
• Inappropriate or illegal content are not considered a security threat,
however there are severe consequences. If, for example, one of your employees shared an off-color
joke with other employees, it could be considered “sexual harassment”, and that could mean litigation
and fines.
Basic Computer Protection
Probably the easiest and most economical prevention a computer user can take to secure their company’s
computers and networks is to exercise safe computing habits. Using good judgment when using the
Internet for web surfing and visiting only well-known and trusted websites, being wary of email
attachments or email from strangers and finally, knowing the capabilities and limitations of your
computer and software applications are all good safeguards.
The next step is to evaluate the risks and allocate the resources to securing your business computing and
network investment. You should consider the harm that could be caused if a competitor retrieved
customer information or if your business lost revenue due to website download. Don’t go overboard by
investing time and money in resources you do not need. Consider outsourcing. Many ISPs offer security
services for small as well as large networks but you may also want to consider a professional IT
consultation, maintenance and repair business that tailors their offerings to small and medium-sized
businesses.
Article submitted by Laurie Breese, Owner of TeamLogic IT of Orland Park.
TeamLogic IT of Orland Park, Illinois is part of a nationwide network of computer consultation
and managed services businesses providing outsourced IT services. Small- to medium-sized
businesses rely on TeamLogic IT to handle a broad range of services from urgent computer
repair and proactive maintenance to the installation of entire networks and more. For more
information, contact Laurie at lbreese@TeamLogicIT.com or visit
www.TeamLogicIT.com./OrlandParkIL
According to the
SANS/Internet Storm
Center the average time a
“clean” (unpatched and
undefended) system can be
connected to the Internet
before being attacked or
scanned was an average of
20-30 minutes.