I.T.'s Not My Business

Powered by Qwest

Develop Your Network Security Policy

    The data on your company's network is among your most valuable assets, and it needs to be protected. A breach of your network can be catastrophic, as unauthorized eyes can gain access to customer lists, proposals, pricing information, employee data, financial records, customer orders and more. While it may sound alarmist, it takes only one breach to make you wish that you had taken simple steps to protect your network.

    A network security program can only be effective if everyone in your company is committed to it. You can foster that commitment through a formal policy that lets employees know their specific responsibilities. The policy should describe:

    • All components of your network, including the various hardware and software platforms and outside connectivity.
    • Standards to be used for network security, including virus protection software, firewalls, encryption, intrusion detection, etc.
    • Employee responsibilities regarding acceptable use of the network and confidential data.
    • The manner in which security breaches will be reported and handled. For example, are there cases where law enforcement officials will need to be notified?

    Your network security policy should mandate these steps to ensure that the data on your network remains safe and secure:

    Build firewalls

    A firewall establishes a protective layer between the outside world and your network to prevent access by anyone who does not use the proper log-in information. Firewalls can be composed of software or software-and-hardware combinations, and are particularly crucial when your network has an always-on connection to the Internet.

    Inoculate against viruses

    Computer viruses can range from innocuous annoyances that can disrupt daily workflow to full-blown threats that can bring down your network. Virus detection software can alert you to viruses that are trying to penetrate your network, and in many cases can eliminate them before they cause harm. Because new viruses are discovered every day, it is essential for every organization to keep its virus protection up-to-date on all Internet-connected devices.

    Back up your data

    Should your network data be lost or compromised, make sure you have an up-to-date backup so that you can quickly recover. Many small businesses turn to online backup, which lets them send the files they need to protect to a remote server where they are encrypted and updated at least daily. Should data damage occur, you can then retrieve those copies remotely to restore your data.

    Enforce password policies

    Password protection is the front line of defense against network security breaches. Employees should change their passwords regularly (every two to three months at the very least), and new passwords should not be similar to old ones. The most effective passwords are a mix of upper- and lowercase letters and numbers, and do not contain words that are in the dictionary, since hackers may use programs that try every possible word.

    Remove old users immediately

    It's not just malicious outsiders who pose a threat to your data. People who leave your company should have their network privileges terminated immediately. This can help keep disgruntled former employees from stealing data or altering software or settings.

    Create an access hierarchy

    Not every file on your network needs to be accessed by every person in your company. Use your network administration software to set network privileges. For example, many businesses restrict access to payroll information, balance sheets and similar data to their human resources and finance departments.

    Track your security logs

    Make sure that your network administrator regularly reviews network access logs to see who has been trying to gain access to your servers and when they have been doing so. Keep an eye out for unusual usage. For example, a remote access attempt that is continually denied could point to a hacker trying to breach your firewall. An employee who appears to be trying to sign on during off-hours and weekends could indicate a stolen password. Treat every concern as a possible threat and always err on the side of caution.
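
    The two warning signs described above can be checked automatically. The following is an added example, not part of the original article: the log format, the sample lines, the threshold of five denials and the 07:00 to 19:00 weekday business hours are all assumptions to adapt to your own access logs.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log: date, time, user, source address, access type, result.
# The format and every value below are invented for this example.
SAMPLE_LOG = """\
2024-03-04 09:12:05 asmith 10.0.0.21 local ALLOW
2024-03-04 10:01:44 admin 203.0.113.50 remote DENY
2024-03-04 10:01:47 admin 203.0.113.50 remote DENY
2024-03-04 10:01:51 admin 203.0.113.50 remote DENY
2024-03-04 10:01:55 admin 203.0.113.50 remote DENY
2024-03-04 10:02:02 admin 203.0.113.50 remote DENY
2024-03-04 11:30:00 bjones 198.51.100.7 remote DENY
2024-03-05 02:47:19 bjones 198.51.100.7 remote ALLOW
2024-03-09 14:05:33 cwu 10.0.0.34 local ALLOW
garbled line that should be skipped
"""

DENY_THRESHOLD = 5            # assumed: denied remote attempts before a source is flagged
WORK_START, WORK_END = 7, 19  # assumed business hours: 07:00-18:59, Monday to Friday

def parse(log_text):
    """Yield (datetime, user, source, kind, result); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield when, parts[2], parts[3], parts[4], parts[5]

def review(log_text):
    """Return (sources with repeated denied remote attempts, off-hours sign-on attempts)."""
    denied, off_hours = Counter(), []
    for when, user, source, kind, result in parse(log_text):
        if kind == "remote" and result == "DENY":
            denied[source] += 1
        # Saturday/Sunday (weekday 5 or 6) or outside business hours on a weekday
        if when.weekday() >= 5 or not (WORK_START <= when.hour < WORK_END):
            off_hours.append((user, when.isoformat(sep=" "), result))
    repeated = {src: n for src, n in denied.items() if n >= DENY_THRESHOLD}
    return repeated, off_hours

if __name__ == "__main__":
    repeated, off_hours = review(SAMPLE_LOG)
    print("Repeated denied remote access:", repeated)
    print("Off-hours sign-on attempts:", off_hours)
```

    Anything the script flags is a prompt for the administrator to investigate, not proof of a breach.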

    Security Resources

    These resources can help keep you up-to-date on the latest developments in network security, and can help you learn more about implementing policies and practices that can keep network threats at bay.

    IT Security

    IT Security is a news and information publication covering all aspects of network security. The site provides original content covering viruses, vulnerabilities, news, events and background information.

    Microsoft Security Guidance Center

    This section of Microsoft's small business site contains bulletins and alerts related to security issues for Microsoft Windows®. It also offers advice on how to protect your business from hackers, viruses and other security issues, as well as a list of security resources.

    U.S. Chamber of Commerce Security Toolkit

    To help its members operate safely and securely, the U.S. Chamber of Commerce maintains this site, which aggregates various articles and resources on developments in data and cyber security. It also offers free how-to information on securing your business.

    CERT

    Established in 1988, CERT serves as a center of Internet security expertise. Originally created to coordinate communication among security experts during emergencies, CERT is now the leading research organization tracking intruder techniques and other Internet security developments. Its Web site contains a wide range of helpful information for both novice and advanced users. It regularly posts listings of the latest security threats, as well as advice on how to avoid them.

    SANS

    A training and certification organization for network security professionals, SANS also maintains a large collection of research documents about various aspects of information security. It posts a regularly updated list of the 20 most critical Internet security vulnerabilities. SANS also operates the Internet Storm Center, a powerful tool for detecting rising Internet threats.

    On Guard Online

    Maintained by the FTC, this Web site provides practical tips, articles and interactive tutorials from the federal government and the technology industry to help individuals and businesses stay on guard against Internet fraud, secure computers and protect confidential information.

    National Cyber Security Alliance

    The nonprofit National Cyber Security Alliance is a resource for cyber security awareness and education for home users and small businesses. It provides tools, resources and tips designed to help small businesses understand the need for and benefits of securing their networks and computer systems.