Concerned about security? Inc. Technology editor Elaine Appleton discusses the need for small businesses to beef up their network security.
Last week I faced a deadline that I couldn't miss: I had to get a legal report to a district court for some volunteer work that I do. It would have been a snap if I could have E-mailed it, but I couldn't, because the report was confidential. The volunteer organization had recently banned the use of E-mail for everything but the most mundane tasks.
Most network-security experts will readily tell you that E-mail (unless you encrypt it) is as private as a postcard. When you send an E-mail message, it moves through many networks until it reaches its destination. At several points along the way, strangers can peek into your missive and find out whether you're having an affair, borrowing from petty cash, or getting advice on your new business plan. If you don't want just anybody to read what you've written, for now you've got to stick with a more "old-fashioned" form of delivery. I wound up using FedEx.
So I lost a day but got my report in just in time to avoid receiving an ugly phone call from the court clerk. As I am all too aware, there's a productivity cost associated with locking down your data -- and that's the crux of the security issue for entrepreneurs in this speed-loving world. Many CEOs choose convenience and speed over safety. But that's a bad idea, as I was reminded recently by a man who visited our offices. Sangfroid, as he calls himself, is a "white hat" hacker -- in this case, a reformed, good-guy snoop who gets paid to break into corporate networks in order to determine how easy it would be for the "black hat" variety to do the same. His message: shoddy network security can bring about your company's demise. Hacker attacks and, even worse, corporate espionage have put companies out of business, he said. And it's more common than most people realize for competitors to hire "lone gunman" hackers who sneak into your network and steal proprietary information. "Small businesses don't usually have firewalls to prevent this," he said.
Sangfroid offered some practical suggestions on keeping your systems safe. The most basic: Don't send credit-card, travel, or other proprietary information by E-mail. And, as obvious as it sounds, make sure you use passwords correctly. "I recently went into an E-commerce company that had 50 contract customer-service workers," said Sangfroid. "They all had the same password to access the credit-card information of 300,000 customers."
If you need help battening down the hatches -- or identifying an intruder -- ask friends to recommend security experts. "Lots of people have been hacked," said Sangfroid. "But they don't talk about it." Or you could turn to " We've Been Hacked," for examples of how to do network security right.
For serious instruction in confidentiality, though, you need to look to Silicon Valley, where budding entrepreneurs are so paranoid that their ideas will be copied that they're taking secrecy to new extremes. Inc. columnist Andrew Raskin recently met a fellow at a Silicon Valley party who handed him a business card and said, "I'm in stealth. That's not my real name or the name of my company."
This month Inc. Technology takes readers inside this hyperconfidential world with David Roberts, former government agent and the cofounder of Internet company FireDrop. Roberts operated in "deep stealth" for nine months while his company filed patent applications. As a veteran of the CIA, Roberts was perfectly suited to run his new venture "in the dark." He offers lessons from his experience in " Shhh. That's Classified."
Concerned about security? Write and tell me your worries. Or, well, maybe you should just call. -- Elaine Appleton, Editor