Make sure you have a handle on your IT resources

2009 has been a tumultuous year for the small-business Owner. Cutbacks and spending freezes from our customers have forced many of us to make some very difficult decisions with regards to employee retention.

Some of us have been forced to lay off some really good people as we attempt to reduce our cost structures, collect on outstanding receivables and most importantly find new revenue.

I came across a recent article by Roger Grimes entitled “Do you have a handle on your managed resources?” The article is really geared towards a larger IT department but I think it sheds some light on a new challenge that the small-business owner needs to consider.

From a computer infrastructure perspective each employee must exist as a user on the network. In addition to being assigned a physical workstation, that user needs the workstation to be assigned as a resource on the network. Each user and resource are then granted permissions and assigned to groups based on their job roles.

For example, you hire a new controller, and want to give him or her a workstation with access to email, shared files and your accounting data.

To accomplish that on the network your controller is created as a network users in your network directory. He or she is then assigned a workstation as a resource. The controller is granted permission to access email, shared files and your small businesses accounting system as a member of the finance group.

Proper maintenance of this directory is essential to maintaining a secure, reliable computing environment. As new employees start and others move on, this directory must be updated to avoid risks to security. (stale accounts give malicious hackers great opportunities to exploit your network)

This is a difficult process to maintain under normal circumstances, but for the last nine months our business environment has been chaotic. It’s a good bet that network directory maintenance has taken a backseat to far more pressing issues. But it should be addressed and the sooner the better.

Roger’s article is a pretty easy read and it should help provide some direction for those of you that feel like you can take care of this issue by yourself. But as Roger related his story, it’s really easy to delete items from the directory and cause a catastrophe. (Follow this link to read the specific example) So if you’re going to attempt to do this yourself you need to know that you might delete something that could take your entire network down.

At Endsight, we’ve developed add move and change policies that we’ve baked into our internal systems and procedures. Our team does this all the time and we can guarantee our work. If you need help with this issue or with any other aspects of managing your computer network please feel free to contact us.

Don’t Be Afraid, Be Prepared

Over the course of a year, we meet with hundreds of small business owners and executives and the issue of network security is one of the most confusing and daunting for nearly all.

While many businesses have a healthy fear of network breaches, far more concerning are those who believe they are “below the radar.” We often hear statements such as “Nobody would want to steal my data” or “We’ve never been attacked before.” Unfortunately, it’s not just high profile businesses that are attacked.

What most executives don’t realize is that most of the time, no one is interested in actual data. There are many other reasons why networks get exploited. By understanding these reasons, it becomes inherently clear that any company relying on its computer network needs a basic level of security.

As mentioned previously, theft is a primary motivator for security breaches. But, it’s not the data being stolen. If your systems are not properly protected a hacker can install a program called a Key Stroke Logger (KSL). This software tracks every key stroke typed on an infected machine. The hacker can determine usernames and passwords, not only to your network but also to any website you visit - including your bank. (As it turns out, it is a lot easier to hack your computer than your bank!) Using KSL software, a hacker can access your accounts and steal your identity. Small business owners are left worrying not only about their personal and corporate accounts, but also about lawsuits from employees affected by negligent security.

Other network attacks are the result of ill will harvested in the process of running your business. It’s not
uncommon to see a scorned employee, irritated vendor, or angry customer retaliate in the form of a ‘hack.’ Indeed, the software used to attack networks is freely available on the internet and anyone with reasonable computer skills and time can take advantage of an improperly managed network.

Finally, boredom is a prime motivator of hackers. Many are computer savvy kids who feel a great sense of power by taking control of a stranger’s network. The hacker specifically targets an improperly secured network, runs a basic attack and takes control. With the keys to the kingdom, the hacker may engage in anything from an elaborate prank to the illegal hosting of pirated movies, pictures and music. For the unfortunate business owner, it all adds up to downtime, data loss and potential embarrassment.

If you think your company may not be taking appropriate precautionkey stroke logger,kls,s with network security, chances are you’re right. Consider outsourcing your IT management to a company that can administer the network using industry best practices; however, if your philosophy is to handle these issues internally there are resources that can help. ICSA is a third party organization that evaluates and certifies all internet security products. It is an excellent resource for deciding which solution is most appropriate for your network.

After all, education is the key to preventing network security breaches.