Week 3: Wireless Security

  • How would you like your “office/business park” to see what checks you print out each week? No
  • Get out the manual for that wireless access point (WAP) that you bought and stuffed under a desk when you got it working.
  • Does it mention anything about a firewall? If not, budget about $150 for one that combines firewall, router, printer port and wireless access point. Did you ever configure it? See if you wrote down the password to get back into it, or read up on how to reset it to the default, because we start there. This will cost you about a day, so Sunday pick up some pastries, a pot of coffee, and plan on some work.
    • Select a non-routable address range for your office network.
    • Select a password for the administrative account. No words from a dictionary or profanity (too easy). Pick something with numbers, letters, capitals, and special characters (shift-numbers). Write it down, seal it in an envelope, and drop it in your safe deposit box or fire safe at home so you can find it again. Do not use your business name or your birthday. If they let you change the admin name, write that down too, and pick something other than “boss” or “administrator.” Use something totally unrelated to your business.
    • Read that manual and learn how to properly configure the access point.
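
The checklist above can be run against your planned router settings before you type them in. The following is an added example, not part of the original article; the function names, the sample word list and the list of obvious admin names are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 private ("non-routable") IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "coffee", "office", "welcome", "summer"}

# Names the checklist warns against, plus common defaults (assumed).
OBVIOUS_ADMIN_NAMES = {"boss", "administrator", "admin", "root"}


def is_non_routable(cidr):
    """True if the whole range sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)


def password_problems(password, business_name, birthday_digits):
    """Return the checklist rules this password breaks (empty list = OK)."""
    problems = []
    lowered = password.lower()
    classes = {
        "a lowercase letter": r"[a-z]",
        "a capital": r"[A-Z]",
        "a number": r"[0-9]",
        "a special character": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + label)
    if any(word in lowered for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    if business_name.lower().replace(" ", "") in lowered.replace(" ", ""):
        problems.append("contains the business name")
    if birthday_digits in re.sub(r"\D", "", password):
        problems.append("contains the birthday")
    return problems


def admin_name_ok(name, business_name):
    """True if the admin name is neither a default nor tied to the business."""
    lowered = name.lower()
    return (lowered not in OBVIOUS_ADMIN_NAMES
            and business_name.lower().replace(" ", "") not in lowered)
```

Note that `172.32.0.0/16` fails the range check: the private block is `172.16.0.0/12`, which ends at `172.31.255.255`.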


Main Article 7 Week Plan to Safeguard Your Small Business Assets

 

 

Week 2: The Paperwork Begins

  • Do you have a crosscut shredder? Stay away from the strip shredders; they are more for convenience than security.
  • Get a mid-range crosscut shredder (about $150-$300).
  • Everything paper goes through the shredder: anything with addresses, credit card info, schedules, phone numbers, and travel itineraries.
  • “Why?” Well, criminals and people with malicious intent like to “dumpster dive” for those juicy credit card numbers and passwords. It gets the “diver” maybe USD$15, and you get to spend 10 years cleaning up your financial reputation. (You just knew there was more paperwork.)


Week 1: Secure the Physical

  • Check your door locks at each entrance: are the throw bolts long enough (the kind with the rotating rod in the bolt)?
  • Verify whether you might need anti-theft bars. If there is a skylight, perhaps it needs to be covered with a solid barrier.
  • Make a list of people with keys. Do they still need them?
  • Take an inventory of fire alarms, smoke alarms, and extinguishers. If you don’t have them, hit the hardware store. Make sure you put the alarms up according to instructions.
  • Communicate any improvements to the insurance company; they might offer you a discount.
  • You can later consider an alarm system connected to an alert/answering company to call the fire or police departments.
  • I would also verify the cost of some surveillance cameras; they have gone down in price and add great value in protecting all your assets.


7 Week Plan to Safeguard Your Small Business Assets

As I travel from one business to another, I am aware of opportunities to create awareness about safeguarding IT Assets and Information.

I want to share a few situations in which I bumped into a small business that exposed itself to a possible information theft attack and IT Assets being stolen.

Scenario 1: A few months ago I went into a Computer Shop with a peer who is also in the IT Security Field and we noticed that a USB Drive was connected to a computer facing the public. After interviewing the clerk and asking her what that USB was used for, she explained that it held customer information and administrative documents. I have been to that computer shop on many occasions and know for a fact that it would have been extremely easy to remove the USB drive and walk out the door. I asked the clerk to remove the USB and store it in a safe place. She replied that it was fine where it was. The clerk was not too happy that I found a flaw or probably did not understand my free advice, and her attitude quickly turned negative. I took no further action, left the location and decided not to return again.

Scenario 2: I had to get an X-ray on my foot and went to a radiologist. I took my laptop for the wait to keep myself up to date on emails and other tasks that I needed to complete for the project I was about to start. As I sat down in the radiologist’s waiting room, I realized that their Wi-Fi network was unsecured. I got a bit curious and attempted to log in to their router, which I found was also using the default password for that brand. I spoke to the manager and owner of the office and let her know that her network was open. She replied saying that she did not have the time to set up a password or the knowledge to do so. I explained possible consequences but she was in such a hurry that she might not have listened to half of what I said. Since I needed my X-rays quickly before I left on my trip, I told her that I could take care of securing her router and would not charge her, and she finally agreed. A few minutes later I was waiting to assist her in securing her network and the admin replied that it was going to be too much of a burden for her to walk me over to where the router was located. They were going to have someone come in and do it at another time. I was amazed at her reply and once again my free advice had been rejected.

These two scenarios are good examples of how a lack of awareness among staff and management can cause future problems that can add up to extraordinary cost from a monetary and reputational standpoint. In the first scenario the store is directed towards IT-oriented customers. How would they feel if they knew their personal information was within an arm’s reach of any possible identity thief? In the second scenario I am sure that if I had kept browsing I would have found critical patient information.

My recommendation is for a small business to conduct a security assessment at a scale that is cost effective and reasonable to mitigate any risks related to information security. The easiest solution for any small business owner is to have a Seven Week Plan to make your business healthier. I read an article with the same title “The Seven-Week Get Healthy Plan for Small Business” by one of my fellow ISSA Members, Greg Playle. 

I am going to summarize his plan week by week, and if you need more detail please feel free to email me or download the complete article written by Greg Playle.

If you read this article and need help with any of the previous tasks, please feel free to contact us.

We can probably assist you in creating and implementing a strategy for safeguarding your critical assets.
I found the article very useful and I have been able to implement this plan in less time and customize it for some clients.
However, if the small business owner decides to implement the plan himself, it would be best to follow the recommended time span; it is also a way of not impacting the business operations significantly.
