
Computer security tips for small business & home office

updated 9/30/2010

If you run a small business, the data that is on your computer is obviously critical to your business. Loss of that data or downtime can cost you revenue or even destroy your business. It is important to follow all of the guidelines below. If you don't understand any of the suggestions below or don't have someone in your company who does, you should hire a consultant who can assist you in implementing these essential computer security guidelines.

Back up your data:

The purpose of backups is not only to protect against the loss of your data, but also against damage to that data. If you use QuickBooks for your accounting software, this is critical data that needs to be backed up frequently. You might also have software that is extremely critical to your business, such as programs that store contacts, medical or dental software that includes all patient records, point of sale software that tracks your inventory, etc. Loss of a hard drive or a corrupted file could be devastating if you don't have proper backups and a recovery plan. A little bit of work now can save your business from potential monetary losses & perhaps legal liability.

Keep multiple backups – You should keep at least 5 copies of your critical data using an external hard drive or some other external storage device. QuickBooks will automatically date stamp its backup files & you can specify how many copies to save until it deletes the oldest one. This is a good practice in case there is damage to your data. For example, if important information was deleted 2 days ago but the deletion was only discovered today, a backup made yesterday would be worthless as far as recovering that deleted data.

Keep a copy of your data offsite – In addition to your standard onsite backup you should have at least 2 copies of critical data offsite. You can use an online backup service where your data is stored on a remote secure server. Alternatively, you can store an additional external hard drive or DVD backups at a secure location other than the office where the accounting records are stored. This measure will protect against theft, flood or fire at your business location resulting in loss of your computer as well as the onsite backups.

Test your backups – Make sure the backups you have can actually be restored in case there is a hardware failure. If you didn't back up the data you thought you were saving, or somehow the backup is not complete you will have to reconstruct some or all of the data.
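An added example (not part of the original page) that combines the backup tips above: it writes a date-stamped copy, reads the copy back to confirm that every file, including the ones you name as required, was stored intact, and only then deletes the oldest copies so that 5 remain. The `backup-<stamp>.zip` naming and all function names are assumptions made for this example, and the backup folder is assumed to sit outside the folder being backed up.

```python
import hashlib
import time
import zipfile
from pathlib import Path

KEEP = 5  # the page's minimum number of copies to retain

def tree_hashes(root):
    """Map each file's path relative to root to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def archive_hashes(archive):
    """Read every member back out of the archive and hash what was actually stored."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def verify(archive, source, required=()):
    """Return a list of problems; an empty list means the restore test passed."""
    stored, live = archive_hashes(archive), tree_hashes(source)
    problems = [f"missing from backup: {n}" for n in required if n not in stored]
    problems += [f"not backed up: {n}" for n in live if n not in stored]
    problems += [f"content differs: {n}" for n in live
                 if n in stored and stored[n] != live[n]]
    return problems

def prune(dest, keep=KEEP):
    """Delete the oldest archives so only the newest `keep` remain."""
    archives = sorted(Path(dest).glob("backup-*.zip"))  # stamps sort chronologically
    stale = archives[:-keep] if len(archives) > keep else []
    for old in stale:
        old.unlink()
    return [p.name for p in stale]

def backup(source, dest, required=(), stamp=None):
    """Write a date-stamped archive, test it, and only then rotate old copies."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    archive = Path(dest) / f"backup-{stamp}.zip"
    archive.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel in tree_hashes(source):
            zf.write(Path(source) / rel, rel)
    problems = verify(archive, source, required)
    if problems:
        archive.unlink()  # never let a bad copy push out a good one
        raise RuntimeError("; ".join(problems))
    prune(dest)
    return archive
```

Passing the names of your critical files in `required` catches the case where the backup was pointed at the wrong folder and the data you thought you were saving was never included.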

Protect data from outsiders:

Avoid wireless connections – While wireless is fine for personal web surfing, if you are using a wireless connection to connect your business computers to the company network or the internet, you should consider whether this is absolutely necessary. Your data can be intercepted by anyone within range & even if you have encryption set, it can be compromised if the potential hacker has the time & resources to do so. It is particularly important to use hardwired connections in situations where sensitive data is involved, such as patient records in a doctor's office. If you do use a wireless connection, at least make sure to use the highest encryption standard possible & newer routers and network cards that will support such standards. You should make sure your wireless network is set up using these wireless security guidelines.

Beware public wifi! - Never transmit sensitive information over any public wifi since you really don't have any control over security in these situations. In other words it's a bad idea to check your online banking at Starbucks. Remember anything that involves a password (such as an email login) or credit card info should never be transmitted over public wifi.

Use strong passwords – It is a good idea to password protect all business computers. Have them set up to require a password for login as well as an inactivity logout (in case you walk away). Make sure to use strong passwords & change the passwords on a regular basis. If you have to write your passwords down, don't leave them near the computer & don't write anything on the paper that indicates that they are computer passwords. You should also set passwords on business critical programs such as QuickBooks and make sure only the people who need access to that data know the password. It is also very important to protect the password for your email since your email can be used to reset various online passwords & since there is often sensitive data within your emails. Don't underestimate the damage that can be done if your email is compromised.

Don't mix business and personal use – Don't allow your business computer to be used for personal use. This will lessen the chances of virus/malware/trojan infection and help keep unauthorized persons from accessing business data. If you have a home office, don't let family members or guests use the business computer for personal web surfing. Supply them with a different computer intended for this purpose which is not networked to the business computer.

Avoid traveling with a laptop that has business data on it. Most likely all you really need to stay in touch is your email, so why carry all that sensitive data around & take a chance of it falling in the wrong hands if your laptop is stolen? It is probably a good investment to purchase a "personal use only" laptop for travel and surfing in public places.

Follow general security practices:

Make sure you are protected by a hardware firewall (router) as well as a software firewall & keep your computer free of virus/malware/trojans. This requires more than just installing an antivirus program! Make sure to perform regular maintenance on your network no matter how small or large it is. Like it or not, your business depends on that network and the data that it handles. Also remember: if a computer is getting slower and taking a long time to boot up it usually means you have a virus/malware/trojan issue.