Today’s small business: online, networked and exposed


By early 2007, over 510,000 Australian businesses ? with the majority being small businesses ? were connected to the internet by always-on broadband, many without proper online security systems in place to protect them from the dangers of continual exposure to the internet. Unfortunately, hoping nothing goes wrong, or when it does go wrong it?s fixable, is a poor strategy for business.

Perhaps the biggest problem in so many small businesses is the owner?s false sense of security when it comes to online threats. Corporate espionage, server takedowns, virus infestations and data hacking is something that only happens to big enterprises, right?

Wrong. Small businesses are just as vulnerable to cyber crime as large ones ? more so, because so many are negligent when it comes to computer security. The money required to properly secure computer systems, and the time required to learn about the threats, is often seen as daunting. In reality, the combination of low-cost security software and a small number of sensible and readily enforceable company policies can go a long way towards protecting a company against most of the threats the Internet has to offer.

Default settings inadequate

It?s clear is that you can?t rely on the default settings of your networking hardware or computer systems to cover you against internet threats. Operating systems have become better, with Windows XP and Vista now shipping with firewalls and very limited anti-spyware, but they?re still not anywhere near the standard required for proper security. There?s no anti-virus, the firewalls are unintelligent and there is virtually no protection against malicious websites, phishing scams and email viruses. The default setup of a new PC is generally insecure, and it?s up to you to secure it.

Likewise, networking hardware is getting better ? wireless access points, for example, are now rarely shipped with the wireless network switched on and open, but they still use administrator passwords and addresses (which many companies neglect to change) that are easy for anyone to guess.

What if?

This lack of security in the default setups of computers leaves many companies vulnerable to massive losses as a result of data breaches. You may not immediately think you have much data that?s worth caring about, but when you start considering the possibilities, you may find you have something worth worrying about after all. What if you suddenly lost all your financial records, or the credit card details of all your customers was stolen from your database (as happened recently to Roses Only)? What if all your PCs became unusable for hours or days, how much would that cost you? A single virus infestation could cause any of these problems. The attack may not necessarily be specifically directed at you ? most cyber attacks cast a broad net, trying to sweep up as many companies and individuals as possible ? but you should make sure that you?re not one of them.