Information Security Tips for Small Office and Home Office (SOHO)


Cost Effective Information Security Tips for SOHO and SMB's

From an accountant who stores financial data for clients to a doctor who stores health records for patients, the entrepreneurs of today need to store private, sensitive and confidential data on their computers, external hard disk drives, USB sticks and PDAs. A few other examples of sensitive data storage are:

  1. Personal financial data on home PCs generated from Quick Books, Intuit and UFILE etc.
  2. Law firms storing legal information for clients.
  3. Medical/health information such as X-rays stored by therapists like chiropractors, physiotherapists etc.
  4. Customer credit card information stored by various businesses like retailers, hotels, restaurants etc.

About this article 

In the age of information, data is the measure of corporate wealth. Unfortunately, very little effort goes into protecting this invaluable wealth. A few common reasons for ignoring data security and protection are the associated costs, lack of awareness and lack of technical skills. This article is an attempt to provide you with various alternatives. There are a few steps every business can take to protect itself. By following these cost-effective techniques you can protect the wealth that is key to the survival of your business. I want to stress that I have only listed tools and techniques that make sense for homes or small to medium size businesses.

Protection against Viruses and Spyware 

Undoubtedly, protection against viruses and spyware should be the first step any business takes. Spending money on virus scanning software is therefore a worthwhile investment.

  1. Virus Scanners

    • Remember to use the 'Auto Update' feature so that you are protected against the latest viruses.
    • Renew your subscription every year. Remember that you are unprotected against viruses the moment your subscription expires. Never let that happen.
    • Remember that every PC requires its own virus scanner software.
    • For optimum protection consider getting the personal firewall bundle with the virus scanner software.

  2. Spyware and Adware
    Protection against spyware and adware is very important in today's world. The following free tools provide good protection.

Data Backup and Recovery 

It cannot be stressed enough that backing up your data is critical to the survival of your business. In my opinion this is the single factor that could make or break your business. Therefore consider acting upon this section very carefully.

  1. Use Microsoft Windows Backup Utility
    Chances are that you are with the majority of users who use Microsoft Windows XP. Microsoft Windows XP comes with a built-in Backup utility. This utility is both easy and fast to use. Best of all, it does not require you to purchase a third-party software license. The Windows Backup utility can back up files to the local hard drive or to an external one.
  2. Use OEQB to backup Emails
    If you use Microsoft Outlook to check your emails, consider using Outlook Express Quick Backup (OEQB), available from http://www.oehelp.com, for backing up your emails. Make sure you include the files backed up by this tool in the Windows Backup utility above.
  3. Validate the Backup and Perform Mock Recovery
    There have been numerous situations where someone has tried to recover their data only to discover that the backup was unusable or corrupt. It is important to validate your backup once in a while. For this reason I recommend performing a mock recovery at least once a month.
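
A mock recovery can be scripted so that it actually gets done every month. The following is an added example, not part of the original article: it assumes the backup is a ZIP archive (the Windows Backup utility writes its own format, so treat this as a stand-in), and the function names `sha256_of` and `mock_recovery` are made up for illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def mock_recovery(source_dir, archive_path):
    """Restore the archive to a scratch folder and compare it with the live data."""
    source = Path(source_dir)
    report = {"corrupt": [], "missing": [], "changed": []}
    try:
        with zipfile.ZipFile(archive_path) as zf:
            bad = zf.testzip()  # CRC check; name of the first damaged member
            if bad is not None:
                report["corrupt"].append(bad)
                return report
            with tempfile.TemporaryDirectory() as scratch:
                zf.extractall(scratch)  # the restore itself, away from live data
                for src in sorted(p for p in source.rglob("*") if p.is_file()):
                    rel = src.relative_to(source)
                    restored = Path(scratch) / rel
                    if not restored.is_file():
                        report["missing"].append(rel.as_posix())
                    elif sha256_of(restored) != sha256_of(src):
                        report["changed"].append(rel.as_posix())
    except zipfile.BadZipFile:  # truncated or otherwise unreadable archive
        report["corrupt"].append(str(archive_path))
    return report


if __name__ == "__main__":
    # Constructed sample data: one live file and a backup holding a stale copy.
    with tempfile.TemporaryDirectory() as demo:
        src_dir = Path(demo, "clients")
        src_dir.mkdir()
        (src_dir / "ledger.txt").write_text("current ledger")
        backup = Path(demo, "backup.zip")
        with zipfile.ZipFile(backup, "w") as zf:
            zf.writestr("ledger.txt", "stale ledger")
        print(mock_recovery(src_dir, backup))
```

Run it straight after a backup completes: files edited since the backup was taken will legitimately appear under "changed", while anything under "corrupt" or "missing" means the backup cannot be relied on.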

Business Continuity and Disaster Recovery Planning 

Once you have successfully enabled the backup for your data you need to make sure that it is well protected. This means that you should store a copy of your backup data at an offsite location. Having an offsite backup protects you against unwanted occurrences like fire, theft and floods etc.

  1. Invest in an External Hard Disk Drive
    If you have not done so already, consider investing in an external hard disk drive (EHDD). The prices for EHDDs have dropped dramatically in the last few years. Backing up data to an EHDD is fast and economical. As an added advantage, the EHDD can be unplugged and carried to an offsite location.
  2. Offsite/Remote Backup Solutions
    An economical alternative method of storing offsite backups is to use a remote backup service from vendors like Datafence. Datafence offers you the ease and assurance of backup over the internet coupled with unparalleled security. The remote backup solution is fully automated using the free application provided by Datafence.

Encrypt Sensitive Data 

Encryption of data is one of the most secure methods for maintaining the confidentiality of data. By using freely available tools like GPG you can protect sensitive files on your computers, EHDDs, USB sticks and PDAs. I admit that using GPG or any other encryption software may be a little challenging, especially if you are not technically savvy. We at Datafence are continuously working on tools and techniques that make some jobs easier in IT Security. Currently we are developing a tool that will simplify the encryption of data.

Security of Mobile Devices 

Always have a backup plan when it comes to the use of mobile devices like laptops and PDAs. You should try to minimize storing sensitive data on mobile devices. If you do store sensitive data, make sure you encrypt it. In my opinion data on these devices should be backed up on a daily basis.

Network Security 


  1. Wireless Router Security
    It is quite common for businesses to use wireless routers at their location. Wireless router security is one of the most ignored areas of IT security. Unfortunately, common methods of securing routers as advertised by router manufacturers offer limited security. At the very least make sure you configure the following features to obtain maximum security.

    • Remove Default Password and Settings
    • Use MAC filtering
    • Use optimal cell sizing
    • Turn it off when not in use

  2. Firewalls
    Firewalls are an excellent mechanism for restricting traffic to your home/office network. A properly configured firewall can protect your internal network from unwanted traffic. Datafence specializes in the area of router/firewall installation, configuration and monitoring.

Employee Access to Information 

Data theft by employees is a growing concern. Employees usually have unrestricted access to sensitive data including confidential documents, customer databases, business contacts and sales leads.

  1. Access to Information
    An easy method of maintaining confidentiality in business is to restrict employee access to information. You should give employees just enough access to do their job. This can be easily accomplished by maintaining the confidential files on a common server accessible on the internal network. Anyone requiring access should be given explicit read and/or write permissions to these files.
  2. Pre-screen Potential Employees
    Always pre-screen your employees before offering them a job. An easy method of pre-screening is to search for the employee's name and address on well-known search engines like Google and Yahoo.
  3. Job Rotation and Mandatory Vacations
    Job rotation and mandatory vacations are proven means by which a business can improve its overall security. They reduce the risk of fraud, illegal data modification and general misuse of information.

Website Security 

These days it is common for businesses to have a website. If you are selling goods and services or collecting personal and financial data over the internet, it is advisable to secure your website against hackers. The simplest and most cost-effective method for doing this is to use Secure Sockets Layer (SSL). This means that the data traffic between client machines and the web server is encrypted during communication over the internet. Installing SSL involves procuring a certificate from a root certificate authority like Verisign or Thawte, and it requires specialized technical skills. At Datafence we specialize in procuring root certificates and in installing and configuring SSL on web servers.

Security of Printed Material and Discarded Computers 

Business involves a lot of paperwork. It is common to print sensitive data such as business proposals, billing and account information on paper.

  1. Discarding Printed Material - Invest in a Paper Shredder
    Very often printed material is discarded in garbage/recycle bins. It is a good business practice to shred sensitive documents before discarding them.
  2. Discarding Old Computers
    When new computers arrive it is common to copy the information from the old computer's hard drive to the new one and then discard the old computer. Always erase the data from old computers before discarding them. Formatting a hard drive is a quick but not a sure-fire method of erasing its data. For a sure-fire method, experts recommend rewriting the character '0' on the entire hard drive more than 20 times.

Use Data Virtualization 


Data Virtualization is undoubtedly the hottest trend in data storage and access. Businesses can leverage free products from VMware to simplify their storage, network, and computing resources, control costs and respond faster.

Please sign my Guest Book 

  • IT_risks, Oct 23, 2008 @ 9:52 pm
    Nice lens. You offer some very helpful information and tips on information security. I'd love it if you would visit my lens and say hi when you get the chance.
  • benlagat, Jun 27, 2008 @ 10:12 am
    This is a very educative lens. Thank you for the effort you made to put together all that useful information. This lens may serve very well as a reference page for its tips. Visit Software (http://www.inventorysoftwareplus.com) for equally informative notes on inventory software, asset inventory software, computer inventory software, free inventory software
  • Manora1, Apr 8, 2008 @ 9:54 am
    Good lens. More informative about security measures, data recovery and protection against viruses and spyware. Thanks for your hard effort to pull all the information into your lens. I rated 5 stars. A similar interesting information about Software Test Tool on Software Test Tool. Please step into this site for more information about Software Test Tool.
  • adamsparker37, Apr 4, 2008 @ 1:20 pm
    Hi, nice lens you have. Thanks for providing good information. Your tips and issues are very common in corporate life. Nowadays data recovery has become a critical problem. Your ideas are very preventive and cautious. Same like you, I also have a lens for Data Recovery. Here also all data recovery tips are mentioned. Please go through my lens and give your valuable suggestions. Thank you
  • Gypsy1, Apr 3, 2008 @ 10:35 am
    Cool lens. All I need to know on this subject is right here on your lens. More informative. Thanks. Full credit to your lens and 5* to your lens. Good job and keep it on. Find an equal stuff site about Systematic Software testing on Systematic Software Testing. If your time permits please see this site to find more information about Systematic Software Testing.

by mkukreja

Thanks for visiting my lens. I am an IT professional with several years of experience. My focus areas are Infrastructure Management, Security and Datab...
