One of the biggest challenges facing businesses today is securing their computers and networks without breaking their budgets. There are several pieces to creating a secure network. It all starts with asking ourselves a very simple question: What do we have to protect and who are we protecting it from? The “what” is usually easy to answer and takes the form of user data, financial information, certain communications, and passwords. One often overlooked item that needs protection is reliability of the PCs. Often viruses, spyware, or unruly users don’t compromise data, but damage the operating system or consume system resources. Repairing and recovering these resources can by expensive in terms of downtime and repair costs.
Who are we protecting it from? That question is a little harder to answer. Sometimes it’s a devious employee or competing company, but a vast majority of the time our nemesis has no name, is located in another country, and has no real ties to the victim. I am often asked what motivates individuals to write malicious programs or hack into systems of random companies. The answer is usually money and occasionally notoriety. A few years ago, I worked with the FBI and a company whose firewall was not properly configured and a large sum of money was taken from their accounts by the Russian mafia.
Most hackers attempt to steal your passwords, credit card information, or resources. These hackers create programs that have two goals. The first is to spread as wide and quickly as possible. The second is to steal passwords, banking information, or resources. These programs, known as spyware or malware, spread through the Internet using email, websites, or SQL injections. Once a machine is infected, it will begin sending out copies of the malware helping it propagate throughout the Internet. This is how a hacker steals your resources. Many times, the traffic and CPU utilization from such an infection will greatly reduce Internet bandwidth and slow PCs down to a crawl. These infections also record keystrokes, look for banking logins, redirect Internet browsers to fake websites, and attempt to collect your information.
Providing security from these attacks is crucial to maintaining your business. The two most important steps you can take to protect yourself is to keep your operating system up to date and installing antivirus software. Newer operating systems like Windows 7 Professional limit the damage malware can do by limiting access to critical components through user access control. Most current antivirus applications scan for known malware and update these definitions regularly. Other important steps you can take are making sure your passwords are complex, installing a network firewall appliance.
Network security is important and you should consult with an experienced professional to make sure your operating systems are up to date, your antivirus software is active and reporting properly, and your firewall is properly installed and configured. If your company requires HIPPA or PCI compliances, security can become even more complicated.