Small-Business Network Security 101

By Yardena Arar, PC World

Today more than ever, good network security is vital to businesses of all sizes. Cybercriminals, equipped with sophisticated software that automates the task of seeking out vulnerabilities, aren't focusing on large enterprises alone; any easy target will do. Fortunately, however, good security isn't as expensive or as complicated to implement as it used to be.

Small-Business Network Security 101 // Cisco WRVS4400N security router (Image courtesy of PC World)

Technology for protecting valuable data from prying eyes, warding off malware, managing spam or empowering employees to work remotely and securely is now bundled in routers at prices that most organizations should be able to afford. Though consumer routers offer some of these protections, you don't have to spend a lot more for business-class alternatives that provide more robust defenses and, typically, features that consumer products simply don't offer.

Attending to the basics for free

Small businesses must cope with the same Internet security threats as larger companies do, but usually without the same budget and manpower. And in recent years, the threats have diversified and become more subtle: Whereas several years ago, you worried that a hacker or virus would crash your computers, now you may never even realize that your network has been compromised until real economic damage has been done. For example, your data may be lost or held hostage; you, your colleagues and/or your customers may fall victim to identity theft; or your computers may be used to distribute spam or malware.

Of course, once your business grows to a certain size -- 100 to 200 staffers or more -- you're best off putting security in the hands of a pro, typically an independent contractor or a reseller. But if you're handling security for a work group or a smaller business and money is tight, you can develop and implement your own security policy. This doesn't cost a dime and it can be very effective if you put in the required effort -- but make no mistake, effort is involved. Nobody likes to change passwords every month, perform regular backups and check for software updates, but tending to these chores can help minimize your risk.

Security organizations offer how-to guides that can get you going. For example, the Internet Security Alliance makes its "Common Sense Guide to Cyber Security for Small Businesses" available as a free download to registered users; you can read some of its contents in the SANS (SysAdmin, Audit, Network, Security) Institute's "Network Security and the SMB" paper.

The guides have similar checklists with instructions that you've probably seen before, but the major ones bear repeating:

Protect user accounts with strong passwords and change them regularly.
Scrutinize e-mail attachments and links.
Install and regularly update antivirus and anti-spyware software.
Keep your operating system and applications current and patched.
Set up and use a firewall.

Also included are items that you don't hear about as often but can also help to plug security holes:

Remove unused user accounts and software.
Regularly back up key data.
Implement network access security.
Limit access to sensitive information.

Small-Business Network Security 101 // Cisco WRV210 VPN router (Image courtesy of PC World)

The router that connects your network to the outside world is the primary line of defense and ordinarily it has its own firewall; current consumer routers typically have other security features, too, so you should read the manual to see which ones your router offers. One important step that many otherwise savvy users often neglect is to change the default administrative login settings so that an outsider can't easily alter all of the other settings. (Router vendors tend to use the same default settings for all their products.)

If you're using Wi-Fi, it's time to bite the bullet and use the best encryption available, WPA2. If you're hanging on to a laptop that doesn't support WPA2, either upgrade to one that does or resign yourself to disabling Wi-Fi and using a wired hookup. The same goes for smart phones: Current and recently issued handsets (including the iPhone) support WPA2 and you should abandon Wi-Fi on older handsets that don't.