21 November 2001

In a recent court case in Sydney a former systems administrator pleaded guilty to deleting routing tables and system files on a computer system. This shows what the greatest risk to your business data is: You and your staff.

While the risk of an evil hacker breaking into your network or of a virus wiping your data is real. The biggest risk is users accidentally wiping important data. The second biggest risk is malicious damage by staff.

While most small businesses are not exposed to losses like greengrocer.com.au, who claim to have lost 136,000 dollars as a result of their former system administrator's actions, losing all your business data would be catastrophic. There are steps you should take to reduce the risk.

Password protection

With a network you should have some sort of security in place. For instance on a Windows 95/98 or Apple network you might have the shared accounts or staff record files password protected so only those with the password can access those files. The main reason for this is to prevent people accidentally deleting or altering files. If you have proper server systems such as Windows NT/2000, Unix/Linux, Netware or Apple IP then you can allocate proper access rules and privileges.

Even if you are running the most secure systems and have different level passwords for different groups you are still at risk. If your accountant or bookkeeper leaves on bad terms they will have access to the accounts. If, as in the above court case, your system administrator leaves then they probably know all your
administrative passwords.

Encrypting files

Files encryption programs, including the features built into Windows 2000 and XP Professional have their uses, particularly for laptop users. But as an office security feature they are not a perfect solution. The danger with them is that the password on frequently used files becomes common knowledge in an office. If you do use encrypted files, make sure they are backed up in an unencrypted form and never, ever forget the user passwords.

The Internet

Internet access presents risks of its own. This is where the most publicised breaches and scares happen. You should have a firewall on your system, anti-virus software installed and a server should not be directly connected to the Internet.

The most common problem for small business is that staff know the Internet access passwords. This allows anyone to access the Internet using the businesses account and gives any staff member the ability to access the businesses' e-mail. It is essential that Internet access passwords are kept confidential.

Remote Access

Allowing users to log in from outside the office is a great advantage, it allows the boss to update the books without having to come into the office. It allows staff to access documents and records while on the road or from home. The problem is that it is also a security risk.

All remote access should be granted only to those who need it and each person should have their own password. No-one should have a blank password and there should be no default, guest or any other generic accounts available. When a person leaves your business disable their remote access account immediately.

When a staff member leaves

Most staff wouldn't think of damaging your business on leaving, but some might. Once a staff member leaves, it is essential to change any passwords that person used. It is also a good idea to make a backup of the data they use as soon as practical after they give their notice.

If your business's passwords are based upon kids or pet's names, people's birthdates or car registration numbers, then you are at risk of an ex-employee, contractor or even competitor being able to access your system. Make sure your passwords are sufficiently obscure to make getting into your important files difficult.

Backing up data

While you can make it harder for people to access your data it is impossible to be completely secured. You have to backup your data. Backing up not only protects you from disillusioned staff, but also from all the other misfortunes that could affect your small business network. Getting a backup system is not a luxury but a necessity, we discuss backup systems in a previous small business help desk.

It is impossible to guarantee that your data will always be safe. By following a few basic precautions you can reduce the likelihood of losing data. Remember that your hardware and software can be replaced, your data cannot.