Small business owners may think that their firms are too small to be a target of hackers or malware authors. While it's true that most of the headlines related to security breaches mention large companies, that doesn't mean that smaller companies are exempt from security issues. On the contrary, small businesses are often an easier target because they may not employ all of the security features typically present at larger firms.
Here is a short list of some of the important security features that need to be properly implemented at every small business.
Firewall: A hardware firewall has a single purpose: protect the network from unexpected network traffic. For smaller firms, a WatchGuard or SonicWall firewall device can manage routing duties, stateful packet inspection and many other protection features.
WiFi Encryption: Many small firms rely on wireless communications to reduce wiring costs and to take advantage of device mobility within the office. However, leaving the default settings in place leaves the door (virtually) wide open. If a hacker sees an SSID (network name) of 'linksys', the hacker will treat that like a welcome sign since that is the default name for a popular brand of consumer-grade wireless routers. Consider hiding the SSID altogether. Furthermore, encryption settings are critical to protect your network. WEP is not good enough. Instead, look to versions that utilize WPA.
SSL Certificate: A Secure Sockets Layer certificate provides for encrypted, trusted communication over the internet. In the small business environment, an SSL certificate is typically used for two reasons: secure communications for web-based e-commerce and secure communications when accessing an internal server via the web. In the latter case, an SSL certificate is required to use Outlook Web Access on the most recent versions of Exchange Server, especially when used with Small Business Server.
Password Policy: Naturally, great infrastructure security can all be for naught if the company's password policy is too lax or not enforced. The latest versions of Microsoft's Small Business Server default to complex passwords (minimum 8 characters with 3 different types of characters that don't include the user's first or last name) and regular password expiration (180 days) with history. Yes, the policy can be turned off or relaxed. But a password only has to be changed twice a year, so once you have it memorized, it won't seem that difficult. After all, a decent password is the front line in protecting the most undervalued asset in your entire organization: your data.
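The password rules described above can be expressed as a small checker. This is an added example, not code from the article or from Small Business Server; the four character types, the history depth of 5, the PBKDF2 storage of old passwords and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH = 8                   # from the article
MIN_TYPES = 3                    # from the article
MAX_AGE = timedelta(days=180)    # from the article
HISTORY_DEPTH = 5                # assumption: the article gives no count
PBKDF2_ROUNDS = 100_000          # assumption: illustrative work factor

def count_types(password):
    """Count character types present (assumed: upper, lower, digit, other)."""
    tests = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests)

def hash_password(password, salt=None):
    """Return (salt, digest) so history never holds plaintext passwords."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def in_history(password, history):
    """True if password matches one of the last HISTORY_DEPTH stored hashes."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history[-HISTORY_DEPTH:])

def check_new_password(password, first_name, last_name, history):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if count_types(password) < MIN_TYPES:
        problems.append("fewer than 3 character types")
    lowered = password.lower()
    if any(n and n.lower() in lowered for n in (first_name, last_name)):
        problems.append("contains the user's name")
    if in_history(password, history):
        problems.append("reuses a recent password")
    return problems

def is_expired(last_changed, today):
    """True once more than 180 days have passed since the last change."""
    return today - last_changed > MAX_AGE

if __name__ == "__main__":
    # Constructed sample user and passwords, for illustration only.
    old = [hash_password("Old-Pass9")]
    for candidate in ("password", "dana2024!X", "Old-Pass9", "Tr1cky-Horse"):
        print(candidate, check_new_password(candidate, "Dana", "Lopez", old))
    print(is_expired(date(2024, 1, 1), date(2024, 7, 1)))
```
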