Week 6: Reduce liability


  • Look for “pinch points” that trap small fingers, cracked sidewalks, seasonal slick spots where people walk, and the like. Are there any places you do not want customers getting into? Fix them. Your lawyer will hate you: he loses fees. Your insurer will like you: they (and you?) save money. Your customers probably will not even notice, until they cannot sue you because they slipped on the ice.
  • You have to think like a four-year-old boy (they get into trouble; I know from personal experience). They stick fingers into places fingers should not go (pinch points). They stumble over the pattern in concrete. They pour sodas down your office printer. (OK, maybe it will take a month or two to fix all of these, but now you have the list and can tackle each one as you have time and money.) And now that you have reduced the obvious hazards, consider business liability insurance.


Main Article 7 Week Plan to Safeguard Your Small Business Assets

Week 5: A backup routine


  • What if your business gets burglarized and the accounting computer is stolen?
  • You probably drop your receipts at the bank every night, or at least once a week, have a fire safe for the records you keep on-site, and a key to lock that fire safe.
  • If your business gets caught in a fire, you would like to rebuild your records quickly.
  • Back to our computer-savvy friend: have them write you a simple script to dump your data files to a big thumb drive (budget $50 to $100 per drive), or buy a backup program.
  • Take backups of your data, and the installation disks and license numbers for each of your software programs, and drop them in that same safe deposit box you put your tax and other records in.
  • Store those off-site from your business. Take the backups on Friday night, drop them off Saturday morning when you do your banking.
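The "simple script" from the list above could look like the following. This is an added example, not code from the original article; the folder arguments, the backup-<date> folder name and the MANIFEST.sha256 file name are assumptions. It copies every data file to the drive, reads each copy back to confirm it matches, and leaves a checksum list on the drive so the backup can be re-checked before a restore.

```python
import hashlib
import shutil
import sys
from datetime import date
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large accounting files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup(source, drive, stamp):
    """Copy every file under source to drive/backup-<stamp>, verifying each copy."""
    source, target = Path(source), Path(drive) / f"backup-{stamp}"
    target.mkdir(parents=True, exist_ok=True)
    lines = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = target / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        digest = sha256_of(src)
        # Read the copy back from the drive; an unreadable backup is no backup.
        if sha256_of(dst) != digest:
            raise OSError(f"verification failed for {rel}")
        lines.append(f"{digest}  {rel.as_posix()}\n")
    # The manifest travels with the backup so it can be re-checked before a restore.
    (target / "MANIFEST.sha256").write_text("".join(lines))
    return target


def verify(backup_dir):
    """Return names of files that are missing or no longer match the manifest."""
    root, bad = Path(backup_dir), []
    for line in (root / "MANIFEST.sha256").read_text().splitlines():
        expected, name = line.split("  ", 1)
        if not (root / name).is_file() or sha256_of(root / name) != expected:
            bad.append(name)
    return bad


if __name__ == "__main__":  # usage: backup.py <data folder> <drive folder>
    made = backup(sys.argv[1], sys.argv[2], date.today().isoformat())
    print(made, verify(made) or "all files verified")
```

Run verify again on the drive before relying on it for a restore; flash drives that sit in a box for months can fail silently.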

 


 

Week 4: Safety first

  • All data that has been entered into your books and into your accounting program needs protection. It would be a shame to lose all that data, so let’s tighten up and harden that box.
  • You want an Internet security program that includes a personal firewall, antivirus software and anti-spyware. Budget about $150 and an hour or so to install, configure (according to directions) and update it.
  • You need one copy per computer you have, whether at home, at work, or a laptop you carry around. If you are in the habit of leaving your computers on, it is very feasible for someone to attack the computer and copy, remove or destroy the data. We are locking that down through this process.
  • When you finally upgrade to a new computer, do not just give the old one away without wiping the hard drive. Deleting everything will not work. I’ve found everything from birthday greetings to budgets to business proposals on “deleted” drives. Go back to your friendly computer person and ask for a secure wiping program that will overwrite the disk at least seven times. Launch it and let it work for a day or three. Then give the computer away. (I don’t give any disks away without wiping. With diskettes, I prefer to take them apart and physically destroy them. Thumb (USB/flash) drives are crushed.)
  • When your administrative assistant moves on to a different job, change the passwords on your computers and firewall. Chances are he had the passwords and logon information. While people usually bear you no ill will, there is always one person somewhere who is willing to do something wrong. Sometimes even good people do the wrong thing when presented with an opportunity too good to pass up.

 


 

Week 3: Wireless Security

  • How would you like your “office/business park” to see what checks you print out each week? No
  • Get out the manual for that wireless access point (WAP) that you bought and stuffed under a desk when you got it working.
  • Does it mention anything about a firewall? If not, budget about $150 for one that combines firewall, router, printer port and wireless access point. Did you ever configure it? See if you wrote down the password to get back into it, or read up on how to reset it to the default, because we start there. This will cost you about a day, so on Sunday pick up some pastries, a pot of coffee, and plan on some work.
    • Select a non-routable address range for your office network.
    • Select a password for the administrative account. No words from a dictionary or profanity (too easy). Pick something with numbers, letters, capitals, and special characters (shift-numbers). Write it down, seal it in an envelope, and drop it in your safe deposit box or fire safe at home so you can find it again. Do not use your business name or your birthday. If they let you change the admin name, write that down too, and pick something other than “boss” or “administrator.” Use something totally unrelated to your business.
    • Read that manual and learn how to properly configure the access point.
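The address-range and password rules above can be checked before you type anything into the access point. The following is an added example, not part of the original article; the function name, the sample word list and the sample values in the demo are constructed for illustration, and a real check would load a full dictionary file.

```python
import ipaddress
import string

# RFC 1918 private ("non-routable") IPv4 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample word list; substitute a real dictionary file.
SAMPLE_WORDS = {"password", "coffee", "router", "office", "welcome"}
# Admin names the article says to avoid.
OBVIOUS_ADMIN_NAMES = {"boss", "administrator"}


def check_ap_plan(lan, admin_name, password, business_name, birthday_digits):
    """Return a list of problems with a planned access point configuration."""
    problems = []
    net = ipaddress.ip_network(lan, strict=False)
    if not any(net.subnet_of(private) for private in PRIVATE_NETS):
        problems.append("LAN range is not a private (non-routable) range")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(ch in cls for ch in password) for cls in classes):
        problems.append("password needs lower, upper, digit and special characters")
    lowered = password.lower()
    if any(word in lowered for word in SAMPLE_WORDS):
        problems.append("password contains a dictionary word")
    business = business_name.lower().replace(" ", "")
    if business and business in lowered.replace(" ", ""):
        problems.append("password contains the business name")
    if birthday_digits and birthday_digits in password:
        problems.append("password contains the birthday")
    name = admin_name.lower()
    if name in OBVIOUS_ADMIN_NAMES or name in business_name.lower():
        problems.append("admin name is obvious or related to the business")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: 172.32.x.x looks private but is outside 172.16.0.0/12.
    for problem in check_ap_plan("172.32.0.0/24", "boss", "Coffee2024",
                                 "Acme Bakery", "0412"):
        print("-", problem)
```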


 

 

Week 2: The Paperwork Begins

  • Do you have a crosscut shredder? Stay away from strip shredders; they are more for convenience than security.
  • Get a mid-range crosscut shredder (about $150-$300).
  • Everything paper goes through the shredder: anything with addresses, credit card info, schedules, phone numbers, and travel itineraries.
  • “Why?” Well, criminals and people with malicious intent like to “dumpster dive” for those juicy credit card numbers and passwords. It gets the “diver” maybe USD$15, and you get to spend 10 years cleaning up your financial reputation. (You just knew there was more paperwork.)


 

Week 1: Secure the Physical

  • Check your door locks at each entrance: are the throw bolts long enough (the kind with the rotating rod in the bolt)?
  • Check whether you need anti-theft bars. If there is a skylight, perhaps it needs to be covered with a solid barrier.
  • Make a list of people with keys. Do they still need them?
  • Take an inventory of fire alarms, smoke alarms and extinguishers. If you don’t have them, hit the hardware store. Make sure you put the alarms up according to instructions.
  • Communicate any improvements to the insurance company; they might offer you a discount.
  • You can later consider an alarm system connected to an alert/answering company that calls the fire or police departments.
  • I would also check the cost of surveillance cameras; they have gone down in price and add great value in protecting all your assets.


 

7 Week Plan to Safeguard Your Small Business Assets

As I travel from one business to another, I am aware of opportunities to create awareness about safeguarding IT Assets and Information.

I want to share a few situations in which I bumped into a small business that exposed itself to a possible information theft attack and IT Assets being stolen.

Scenario 1: A few months ago I went into a computer shop with a peer who is also in the IT security field, and we noticed that a USB drive was connected to a computer facing the public. After we interviewed the clerk and asked her what that USB drive was used for, she explained that it held customer information and administrative documents. I have been to that computer shop on many occasions and know for a fact that it would have been extremely easy to remove the USB drive and walk out the door. I asked the clerk to remove the USB drive and store it in a safe place. She replied that it was fine where it was. The clerk was not too happy that I found a flaw, or probably did not understand my free advice, and her attitude quickly turned negative. I took no further action, left the location and decided not to return again.

Scenario 2: I had to get an X-ray of my foot and went to a radiologist. I took my laptop for the wait to keep myself up to date on emails and other tasks that I needed to complete for the project I was about to start. As I sat down in the radiologist’s waiting room, I realized that their Wi-Fi network was unsecured. I got a bit curious and attempted to log in to their router, which I found was also using the default password for that brand. I spoke to the manager and owner of the office and let her know that her network was open. She replied that she did not have the time to set up a password, or the knowledge to do so. I explained possible consequences, but she was in such a hurry that she might not have listened to half of what I said. Since I needed my X-rays quickly before I left on my trip, I told her that I could take care of securing her router and would not charge her, and she finally agreed. A few minutes later I was waiting to assist her in securing her network, and the admin replied that it was going to be too much of a burden for her to walk me over to where the router was located. They were going to have someone come in and do it at another time. I was amazed at her reply, and once again my free advice had been rejected.

These two scenarios are good examples of how lack of awareness among staff and management can cause future problems that can add up to an extraordinary cost from a monetary and reputational standpoint. In the first scenario, the store is directed towards IT-oriented customers. How would they feel if they knew their personal information was within arm’s reach of any possible identity thief? In the second scenario, I am sure that if I had kept browsing I would have found critical patient information.

My recommendation is for a small business to conduct a security assessment at a scale that is cost effective and reasonable to mitigate any risks related to information security. The easiest solution for any small business owner is to have a Seven Week Plan to make your business healthier. I read an article with the same title “The Seven-Week Get Healthy Plan for Small Business” by one of my fellow ISSA Members, Greg Playle. 

I am going to summarize his plan week by week and if you need more detail please feel free to email me or download the complete article written by Greg Playle.

If you read this article and need help with any of the previous tasks, please feel free to contact us.

 

 

 

We can probably assist you in creating and implementing a strategy for safeguarding your critical assets.
I found the article very useful, and I have been able to implement this plan in less time, and customized, at some clients.
However, if the small business owner decides to implement the plan himself, it would be great to follow the recommended time span; it is also a way of not impacting business operations significantly.
