New network-related technologies are arriving at a dizzying pace for small and mid-size businesses, creating major headaches and risks for strapped IT staffs.
Technologies such as Wi-Fi, voice over Internet protocol (VoIP), and mobile devices are proliferating and helping many small and mid-size businesses expand and open more remote branch offices. But these breakthroughs in our ability to network businesses and workers are also taking their toll on resource-strapped fast-growing businesses by introducing unwanted security vulnerabilities into the network.
Few businesses can afford to ignore the new technology and communications tools that have come to market, from wireless networks and collaboration tools to access to the network from mobile devices and remote workers. But according to a new study from Gartner, the Stamford, Conn. research firm, small and mid-size businesses recognize that they are putting more sensitive information on their networks and allowing more access to the corporate network from mobile devices. As a result, businesses need to look at improved security software, new security processes, and more internal training to secure their networks.
HomeGain.com, an Emeryville, Calif.-based online source for connecting realtors and agents with homeowners and homebuyers, is all too familiar with the dilemma. While new technologies have brought more capabilities for the business, they also make the network's security that much more complicated and costly to maintain, according to Barry James, HomeGain.com's vice president of technology and operations.
The human factor
HomeGain.com, which has 5 million monthly visitors and 130 internal users, mitigates network vulnerabilities by layering firewalls, supporting port management, and deploying VPN and anti-virus software. These layers of security are on top of the company's use of patch management, two-factor authentication, ISA servers and email/IM gateways, network activity monitoring, and intrusion detection.
James says that although he can use technology to reasonably limit and manage external access to the various systems, the fact is that avoiding potential human error is just as important as supporting cutting-edge security technologies. “It doesn’t matter how secure our external-facing technology is if an employee mistakenly introduces an infected file behind our firewall and our controls are not prepared to deal with it,” James says.
To limit mistakes, the company restricts access to internal systems and devices to minimize the potential impact. The company also educates new employees about best practices when using email, external websites, file uploads/downloads and physical security. HomeGain.com goes so far as to require security badges for site access and biometric authentication for server room access, and it deploys cameras to record activity in high-risk areas.
Security steps to take
In addition to training employees, there are several steps small and mid-size businesses can take to remain secure while taking advantage of the latest technologies, according to Ennio Carboni, product manager at Ipswitch, a Lexington, Mass. network monitoring and messaging software company that caters to the small business market. He recommends that companies take the following actions:
Use a personal firewall and MAC address filtering when accessing files from home and remotely.
Change user names and passwords frequently for routers and other elements that hackers could potentially access on the network.
Use a VPN. VPNs are affordable and allow users to protect themselves and remain compliant with recent legislation.
Use encryption technology and SSL-based email systems for transferring files when traveling.
A significant takeaway for small and mid-size businesses when it comes to security is practicality. “Most people get overwhelmed by security because they try to literally block the windows and doors and then suddenly all enablement is gone,” Carboni says. “The enterprise space has learned that security -- like all technology -- needs to be digestible by all users and not just the Chief Information Security Officer.”