Security and Reliability
IT and Security
We use the phrase "IT and Security" and distinguish it from what others call "IT Security". As with many things, we need to deal with security and reliability as one system rather than as unrelated entities. IT security cannot be implemented in a vacuum. The news is full of companies that tried it that way, and failed miserably.
Most security procedures are neither difficult nor expensive for the small business to implement. There are basic components: physical, power, firewall, anti-virus/anti-spam, back-up, passwords and education.
This may sound like a lot, but it costs so little compared to what it costs to replace damaged and/or stolen systems. We are not referring to PCs and printers, though they obviously have cost associated with them. We are referring to your data: client contact information, orders, accounts, balances, preferences, marketing options, and the company's books. The cost of replacing a stolen PC is negligible compared to the cost of recovering lost or stolen data.
Let us look at the seven layers. If a product or manufacturer is mentioned, it is a reliable choice, but not necessarily the only one. As always, stick to mainstream products. Experimentation is fine for your R&D department, not your business operations.
Physical Security
Basically, this includes good locks, after-hours lighting, remotely monitored alarms for police and fire, and limitations on how many people have the keys and the alarm codes. Change the alarm codes annually or every time an employee leaves, whichever comes first. Do NOT feel self-conscious about changing the codes because of employee turnover. Make it policy and do it every time.
Power
Buy quality UPSs and surge arrestors such as those APC manufactures.
UPSs should back up critical servers and PCs along with interconnecting switches or routers. The manufacturer should be able to assist in selecting a properly sized unit based on the device it will protect, and the amount of time you need to have the equipment run when the power fails. Most outages do not exceed a minute or two. Occasionally an outage might last an hour. If power is out longer than that, you may just need to shut down. Chances are, none of the other equipment in your office is running and your phones are out, too. Look at spending between $150.00 and $500.00 per unit, depending on the equipment load and how long you need it to stay up during a power outage.
Remember, a UPS is essentially a battery, and eventually it will lose its capability to accept or retain a charge. Even if you do not wish to purchase a maintenance contract, at least take advantage of the manufacturer's trade-in policy and let them recycle/dispose of the old battery. This will save you time and is the environmentally conscientious thing to do.
If you really need to stay up and running during longer outages, consider an MG (motor-generator) Set. If your property has access to a natural gas line, go that route instead of gasoline or diesel. This isn't for the faint-of-heart, as the unit and installation can run into the thousands of dollars. But it has the potential to save you even more. We learned our lesson in August 2006 when repeated power failures were caused by overloaded transformers. The problems persisted for four consecutive and very long days in 4 to 6 hour intervals. What we lost in billable hours just that one week would have paid for a natural gas driven MG Set.
Surge arrestors should sit between the wall outlets and every piece of networked computer equipment: PCs, printers, switches, routers, hubs, modems, scanners, etc. Adding one for your phone system, stand-alone photocopiers and other expensive equipment may very well protect you from costly repairs. Also put a surge arrestor between your broadband connection and your network. APC and the other major manufacturers make excellent and inexpensive devices for DSL (phone) lines and coax (cable). There should be no electrical path to a PC or other networked device that doesn't first travel through a surge arrestor.
Firewall
For a small business, something as inexpensive as a Linksys or Netgear DSL/cable router will suffice. These cost approximately $100.00 and are simple to install. If you have a larger installation, you probably also rely on a networking professional, or outsource your technical support to a consultant. Speak with them.
Internet Security (anti-virus/anti-spam)
This should not be a foreign concept, nor should this require a lengthy explanation. For a small shop with a few PCs, buy a 5-client license internet security package from Symantec or McAfee. If your installation is larger, or you have a server, consider getting a corporate package where all of the installations can be managed/monitored from the server. 5-client licensing starts at approximately $70.00.
Data Security (Back-up)
Protect your data. Starting with XP, Windows Professional began supporting mirrored hard drives. This will protect your data if one hard drive fails. Unless you are a bank, insurance company, call center, etc., running intensive transaction-based systems, you do not need to get into the higher levels of RAID. For the small business this is one place where bigger is not better. Mirrored drives are enough for both desktops and servers in the small business environment.
Back up your data. A decent DDS tape drive (Sony or HP), back-up software (Back-Up Exec) and a box of tapes will cost approximately $1,500.00, and last for years as you recycle your tapes. But backup tapes are not worth much if they are stolen with the equipment or destroyed by fire because you left them in the office. Take the tape from the previous night home with you. And periodically, whether it is quarterly, bi-annually or annually, cut a tape and store it in your business's safety deposit box at the bank.
Alternatively, you can subscribe to a service that will back up your data remotely. If you outsource this function, make sure you know your service provider and pay special attention to their corporate health. Remember, they will have all of your data stored at their site. Look for a clause in their contract that protects you and allows you to secure your data, should they file for bankruptcy or bankruptcy protection. Some services provide this added level of reassurance by giving their customers a copy of the backups on a periodic basis, along with a stripped-down version of the software that can be used to restore the data.
Strong Passwords
This is a very inexpensive security item that people love to ignore. Require that everyone use a long complex password that they do not share. Here is a checklist for all passwords:
Administrator passwords are special. For a small business apply the following additional rules:
Education
Educate yourself; educate your employees. Do not implement cold policies, but make sure that your employees understand how the policies protect the company, the employees, and their jobs.
Cost
Yes, we know, you own the business and the bottom line is one of those things you worry about. And by now you are trying to figure out how much all of this will cost you. Well, the simple truth is that this adds up to approximately $2,150.00 for 5 PCs for 5 years. Sounds expensive? Well, think of it this way: that's $86.00 per PC per year, and it represents protection in case of fire, theft, lightning strike or power surge, blackouts and brownouts, viruses, worms, and hard drive failure. If it still sounds like a lot, here are two simple questions.
If you want to gamble, buy a lottery ticket. Don't risk your livelihood.
"I'm closing this case now - or rather, the courts will - but there'll be others, because that's the way the world is built. There are people who will slap you on the back with one hand and pick your pocket with the other. And it could happen to you." --Captain John Braddock, Racket Squad
copyright Natelli Systems, Inc. 2015