Don't Get Punked! p.3

PROTECTION IS POSSIBLE

“Salon Professional Services—parent company of AVEYOU—uses Microsoft Security Essentials on our office, warehouse and store computers,” says AVE-YOU’s Esposito. “We have tried them all through the years and feel this service is the best in the industry right now. We also run daily security checks with SpyBot to check and remove any potential spyware that may have been placed on our computers.

“In addition, we use McAfee SECURE ScanAlert, TRUSTe and Network Solutions SSL Security on our sites,” Esposito says. “Our site is monitored by the second for any irregularities or vulnerabilities. Security is of the utmost importance to our company. Protecting our customer’s sensitive information has been an area of our expertise over the past 10 years, and we are always implementing new features to further expand those protections.”

“Fundamentally, good security really is just good systems administration,” says Ira Winkler, founder of Internet Security Advisors Group, a computer-security consulting firm. “And if you can’t afford or can’t get a good system administrator, I recommend outsourcing that.”

In fact, Winkler says that the smallest of businesses will probably be better served by an outsourced, third-party solution, given that the entire focus of a top-notch network-systems provider is on configuring, maintaining and securing computer systems 24/7.

At a minimum, Nelson recommends a quality firewall that’s properly configured, and Internet security software that guards against viruses, malware and spyware. There should also be security policies in place regarding password length, complexity and the like, Nelson says. And you’ll also need to be sure staff gets the message that your company’s security is serious business.

Be careful with any custom-made software, Nelson adds, since these programs are rarely subjected to the rigorous security testing that popular, established software endures. Content management systems—software designed to enable businesses to easily update their websites—are often custom made. “A custom CMS is usually a bad idea,” Nelson says.

Many people also tend to get lazy about passwords. Surprisingly, one of the most commonly used is “P-A-S-S-W-O-R-D”—a seemingly trivial oversight that has spelled the undoing of countless, otherwise stellar computer-security systems.

Nelson recommends complex alphanumeric passwords of more than 12 characters, which are tough to crack even by password-stealing software specifically designed for the purpose. And she reminds people to use different IDs and passwords at different gateways.

[Image: Google images]