Let's get more strategic about the computer security challenges facing small & medium sized businesses. The goal is to make your business as safe as possible while interfering with your day to day operations, as little as possible.
Great goal. How do you get there?
The first step is to know the basics. Here's one source, 'Tips for Safe Computing'. (More on basics to come in future blog entries.)
The next step is to stay up to date on what real dangers exist. You have a good idea of the security level of the locks on your place of business - and whether or not you need an alarm system. You know this partially because you have a sense of your neighborhood, and you know how safe it is or isn't.
One of the goals of Security Reality Check is to help business owners and operators have that same level of comfort with respect to their computer security.
To achieve this, a business owner needs to know as much about what's going on that could threaten the business as s/he knows about how likely it is for some one to rob, or break into the physical business.
Recently, a neighborhood association mail list informed us, here in San Jose, CA., that mail boxes had been broken into, at condo developments across the street from us. A few weeks later, when checking the mail, I noticed mail on the ground - when I went to pick it up, I saw that the back of the mail box - which accesses eight mailboxes, was wide open. Anyone could get my neighbor's mail. I reported this to USPS, and the manager of our condo association. And took note of the potential threat. As a result, if I'm expecting any checks in the mail, I'll be quick to get to the mailbox, in addition to being more alert - that is, I'll pay more attention to our mailboxes.
What do you know about businesses who have systems like yours? Have there been any exploits? How well protected are your colleagues? Are there practices they're using that could benefit you?
Of the threats you hear about, which are real? Which could affect you, and which ones are just theoretical, or worse, alarmist?
(For example, a 'real' threat is one that has a solid chance of impacting you. If the threats out there pertain to Windows XP, and you've upgraded to Windows 7 or use Linux, then you'll know you don't have an issue - at least this time.)
The answers you come up with for yourself will be most valuable. I'll be adding more on these topics, in future blog entries.