Your company’s financial and job data is critical to the ongoing success of the business. It is important not to take the safety of the data for granted. First, the basics: Firewall and antivirus should be installed on the server and every PC, along with a corporate email spam filter. So far, so good. You are about 75 percent protected. This is analogous to locking your car, but leaving a window rolled down. All businesses today are prime targets as it is nearly impossible to be 100 percent protected.
THREATS TO DATA
The reason your antivirus definitions are typically updated daily is that the bad guys are always one or two steps ahead. The bad guys will change their virus or Trojan to avoid detection by the antivirus software, test it, then send the new virus out to millions. Some PCs will get infected; then the PC will start acting strangely, resulting in possibly having to format and reload the PC.
A virus can spread across all PCs sharing a network in minutes. Or, if a Trojan was installed, it can “pump” all of your company data out to the bad guys, or even allow them to see your screen and what you are typing. If you have a camera, they can watch you, all undetectable to you and your antivirus software. Once in place, Trojans largely go undetected until their work is done.
Another threat is something called ransom-ware; it will take over your PC and encrypt the data contents, presenting a message that your PC will be unlocked if you send them several hundred dollars. Whether you send money or not, they will most likely never unlock your PC. Hopefully you have a recent backup. Ransom-ware can also spread to other PCs in your office in a flash.
This is all scary, but quite real. Any sense of total protection you have is false hope. All of these “attacks” come in through the Internet, mostly from email or browsing. You could unplug your company from the Internet for the highest level of protection, but today it is nearly impossible to run a business without it.
By far, email is one the most dangerous risks today. Your employees are likely bombarded by tens, if not hundreds of “junk” emails a day. Spam filters help cut out a large percentage of these, but the bad guys are always one or two steps ahead of the spam filters.
In addition to damage to your company’s PCs and servers, your business is liable for damages to other businesses and customers that occur as a result of a data breach at your company. For example, the big Target credit card hack last year was determined to be caused by an HVAC contractor being hacked. Granted, you could not anticipate that large of a liability, but it can happen.
Today many companies are opting to use cloud software, in the form of software as a service (SaaS), for core business functions. Cloud software along with storing your critical data in the cloud can be much safer than running your software locally. For example, JOBPOWER Cloud is a full-featured job cost accounting, job management, payroll, and document management system. JOBPOWER Cloud is delivered from a professional data center that meets high data security standards utilizing an enterprise level data security process, including prevention, detection, and appropriate reaction to security incidents. The data center is SSAE 16 (SOC I type II), PCI DSS, HIPAA, TIA 942 Class 4 compliant. The bottom line is: This type of data center utilizes IT professionals, resources, and equipment that no small- to medium-size business (SMB) could afford, to protect your data.
Check antivirus software on a regular basis, make sure it is turned on, and kept up-to-date. Activate the continuous protection, email protection, and schedule a full scan at least weekly. Best practice is to use one vendor for server and all PCs that provides server-based administration and monitoring reports.
- Ensure a firewall is turned on in each PC and server, whether using the built-in Windows® firewall, or the one that comes with your antivirus software.
- If your email service doesn’t include an effective spam filter and antivirus scan, you should add that service. If your provider does not offer, there are several online spam filtering services you can subscribe to. It is best to do a one month trial, to make sure it works for you.
- Employee education in this area is vital. If you are not expecting the email, or don’t know who it is from, or the email address does not match the name of the sender, or it sounds too good to be true, don’t open it, just delete it. All employees should use complex passwords and change them on a regular basis. Utilize password policies where available to enforce this. Watch out for emails with attachments. PDF attachments are generally safe; other types of attachments have greater degrees of risk.
- Consider utilizing a cloud-delivered software, such as JOBPOWER Cloud, so critical business data and the security of it is professionally managed. Your data also remains isolated from your email system and Internet browsing.
- Add an insurance endorsement to your business policy, or better yet purchase a separate Cyber policy that protects your company from liabilities and damages to your business, your customers, and employees, should your data be hacked.
In conclusion: The larger your company and focus on IT, the larger the amount of resources you can place in data protection. Network architecture, domain/server access roles, and administration are important pieces as well. Better protection reduces, but does not eliminate, this growing threat. ■
About The Author Rick DeLand is vice president of Applied Computer Systems, Inc. developer of JOBPOWER Software. JOBPOWER was developed specifically to meet the accounting and job cost needs of contractors and has thousands of users across the United States. Located in Knoxville, Tennessee, JOBPOWER has been helping contractors for 30 years. For more information, call 800.776.6556, or visit www.jobpower.com.
Modern Contractor Solutions, September 2014
Did you enjoy this article?
Subscribe to the FREE Digital Edition of Modern Contractor Solutions Magazine!