Lock down your computer security

Something all business owners face from time to time is an employee who doesn’t work out. And every so often, one of these employees turns vindictive. As a tech consultant, I’ve heard stories that blow my mind, things I never thought someone would really do.

Possibly the worst – an ex-employee from an internet service provider wiped out all their email. When I say all their email, I mean ALL their email, including all their customers’ email! Not only did the company pay, they lost tons of business and had to work their tails off to make good with all the rest who stayed. No lawsuit makes up for that kind of damage.

While we like to think we work with good, trustworthy people, what if we don’t? Financial motivations in this economy are leading to a steep increase in employee data theft. What if one of our employees is angry and wants to get back at the boss? A dissatisfied employee can very quickly cause serious damage by deleting data files, corrupting your financial records, or downloading viruses to your network. A good security policy is a necessity.

Secure confidential data files by setting up password-protected directories. Take advantage of built-in software capabilities to designate specific users for any software with sensitive data (financials, social security numbers, credit cards, etc.), and limit access so they have just what’s needed to do their job. Change your firewall settings to limit Internet downloads. And most important – promptly remove security access for any employees who leave your company.

You’ll have to balance safety versus productivity. Too much security can cause administrative headaches, creating employee frustration that eventually may lead you to remove important security settings. However, it’s far better to spend a little time being proactive than to find out the hard way you should have been more careful.

Nice (server) rack!

When you first buy a server, you’ll probably get what’s known as a tower server. It’s in a case that looks very much like any other PC case. It might be a little sturdier than most, but otherwise it’s not that different.

As your computer infrastructure expands, you’ll start to acquire more hardware, like a big switch, a high-end firewall or security appliance, maybe a better phone system, another server or two along with a KVM so you can use the same keyboard/monitor/mouse, and a bigger UPS (uninterruptible power supply). Suddenly you have more equipment than space.

That’s when it’s time to look at getting a server rack. It allows you to store a lot of equipment in a small space.

Most business-class equipment can be mounted in a rack, although you may need a shelf for those tower servers you bought. When you upgrade them, look into a rack-mount server instead, which will be sized to fit into your rack. You may see terms like “1U,” “2U,” etc. These refer to the height of the equipment in your rack. The bigger the number, the bigger the equipment.

Keep your rack in a well-ventilated room to avoid trouble with overheated equipment. Racks pack equipment in tight, so keeping the server room cool is critical.

Racks also provide a level of security, as most can be locked. The ideal is to keep your rack in a locked server room, but in smaller offices where this isn’t an option, a locked rack (or even a shorter “half-rack”) will help.

Are you PCI compliant?

If you accept credit cards, whether online or in-person, you are required to meet PCI compliance standards. These regulations have been around a while now, although it seems that many small business owners aren’t yet up on the latest. Don’t get hit with steep penalties for any security breach – learn more about compliance now, before it’s too late.

The regulations center on protecting credit card data, which includes secure storage, encrypted transmission, limited access, and more. E-commerce and point-of-sale solutions are impacted, along with anyone else who stores credit card information for any reason.

You can find the full requirements here:
https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf

This guide speaks to the requirements in plain English:
http://www.pcicomplianceguide.org/aboutpcicompliance.html

And this video, produced by the Retail Solutions Providers Association, provides an inside look at how these regulations have devastated a number of businesses who weren’t prepared:

The bottom line? If PCI applies to you, take measures now to ensure your company is protected.