How business owners can protect their network from the inside and out

Jalal Nazeri, certified information systems auditor, Sensiba San Filippo LLP

Jalal Nazeri, certified information systems auditor, Sensiba San Filippo LLP

In this day and age, only a small number of businesses can function without a network of computers. Unfortunately, there are inherent risks to computer usage — hackers, viruses, worms, spyware, malware, unethical use of stolen passwords and credentials, unauthorized data removal by employees with USB flash drives, or servers crashing and bringing productivity to a halt. Owners of small to midsize businesses have to be cautious of cyberattackers, and depending on your industry, your business may be an easier target than larger businesses.

With cyberattacks on the rise, Smart Business spoke with Jalal Nazeri, a certified information systems auditor at Sensiba San Filippo LLP to discuss what business owners can do to protect themselves.

What is the first step toward protection?

The first task in creating a secure network is to draft a security policy, which, if carefully managed, can lower the risk of these threats.

When drafting a policy, consider every perceived threat, no matter how unlikely it may seem. Communicating and monitoring these policies regularly will lay the groundwork for compliance in defense of your network.

There are a number of core ideas to consider in implementing a policy. First, you will need to do a risk assessment to identify risks and determine the best methods to prepare for them. Then you will need to classify data by sensitivity level and develop access restrictions. Consider what the security requirements are of an authorized user and assess the possible risk, both logical and physical. In addition, create a plan to back up each user’s data. Finally, ongoing monitoring and maintenance of your risk assessment and the underlying policies and procedures is a must.

How do you manage employees’ usage of company computers?

An acceptable use policy is a common element to include in your security policy. The acceptable use policy restricts users by giving them guidelines on what they can and cannot do on your company’s network. Adding these restrictions can place an inconvenience on the end user, but it’s imperative to have them in place for the protection of your organization. The end user can be an organization’s weakest point.

Once a user reviews the policy and accepts the restrictions in place, it’s important that he or she sign the policy. Users should be made to re-sign the policy whenever it changes, and at regular intervals even when unchanged. Some companies set a six-month timeline, others vary. The value of the policy depends on the communication and monitoring of compliance. Without enforcement, its value is greatly reduced.

What are other tools businesses can use?

A few other key items a business can use are firewalls, content filters, encryption, virus protection, and accounts and passwords. Business owners need to maintain these tools, not just put them in place and forget about them.

Firewalls act as a barrier to the internal network, blocking unwanted traffic, while content filters restrict material delivered on the network and control what content is available to users on the Internet. Encryption is becoming more vital for transferring and storing data, whether it is for regulatory compliance or customer protection from theft.

Anti-virus software is a must on all your servers and workstations. A scheduled virus scan should never be missed, and always have automatic updates turned on.

Never use generic passwords or account names, and restrict users to using only their own login. Passwords should follow a complexity requirement, like the use of a mix of letters, punctuation, symbols and numbers, and should also have a limited lifetime and a rotation.

What is the value of taking these steps?

With small to midsize businesses, budget is always a major consideration in what is plausible in obtaining the most secured environment. With a good policy in place, identification of priority spending can be determined and can reduce the need for excess software and hardware.

Cyberattackers look to gain access to networks that have the least amount of resistance. A good security policy protects data against potential threats. Without one, the company may incur significant remediation costs, lose productivity and even lose clients.

Jalal Nazeri is a certified information systems auditor at Sensiba San Filippo LLP. Reach him at (925) 271-8700 or [email protected]

Visit our blog for more market insights.

 

Insights Accounting is brought to you by Sensiba San Filippo LLP

Dell in talks to go private, shares surge

NEW YORK/SAN FRANCISCO, Mon Jan 14, 2013 — Dell Inc. is in talks with private equity firms on a potential buyout, two sources familiar with the matter told Reuters, confirming reports that sent shares in the world’s No. 3 PC maker soaring 13 percent to nearly a eight-month high.

The firms are now holding discussions on a deal with billionaire CEO and founder Michael Dell, who owns about 14 percent of the company, according to one source with knowledge of the matter.

The Wall Street Journal cited unidentified sources as saying TPG and Silver Lake could team up on an offer, possibly in conjunction with other investors such as pension funds. JPMorgan Chase & Co. was also involved in the negotiations, it added.

The first source told Reuters any potential deal could be structured as a management-led buyout with Michael Dell at the helm.

Talks had progressed for two to three months, heating up in late 2012, and a deal could be reached in six weeks, the Journal cited sources as saying.

Dell’s outlook disappoints as PC market falters

ROUND ROCK, Texas, Wed Aug 22, 2012 – Dell Inc. warned of a challenging second half and slashed its full-year earnings outlook as customers cut back on computer purchases ahead of the launch of Microsoft’s Windows 8 software, sending its shares down more than 4 percent.

Dell – once the world’s top PC maker and a pioneer in computer supply chain management – is struggling to defend its market share against Asian rivals like Acer Inc and Lenovo, and the fast-growing adoption of tablets like Apple Inc’s iPad.

Founded by CEO Michael Dell, it is in the midst of a turnaround, juggling acquisitions to bolster growth with the need to fatten margins by trimming expenses even as global tech spending appears to be slipping. In May, it warned that global tech spending is weakening faster than anticipated.

The No. 2 U.S. PC maker on Tuesday forecast revenue would slide 2 percent to 5 percent in the fiscal third quarter from the second, to $13.8 billion to $14.2 billion. That lagged Wall Street’s target of $14.85 billion.

It is predicting earnings per share of “at least” $1.70 for fiscal 2013, compared with a previous forecast for more than $2.13.