• PC World
• Business Center
• Security
• Data Protection
• How-To

Never before has the World Wide Web looked more like the Wild Wild West. Cyber attackers lie in wait for unsuspecting users who happen upon an infected website or use an infected application. The sophistication of hackers' tools and methods has reached new heights, and a thriving underground economy provides them a forum for buying, selling, and trading their malicious wares. Attacks seem to come out of nowhere, anywhere, or everywhere-even while customers are in the middle of a virtual business transaction with their trusted bank or supplier.

In recognition of these challenges, large enterprises are devoting time and resources to providing their customers with technologies and services aimed at mitigating risk. But how should small businesses respond? With fewer IT resources on hand and limited security expertise, a judicious approach to protection is imperative.

By employing a combination of effective and efficient technologies together with no-nonsense practices, small businesses can maximize security while minimizing the potential for attack or data loss.

Sound Policy

Protecting information assets begins with a solid security policy. This policy should document how information is handled, whether client records, customer data, financial files, or any other category of data. For example, certain documents may require password protection or encryption, and user access to specific categories of information may require monitoring. Employees need to be instructed on the security policy and prevented from turning off security measures such as antivirus or firewalls on their desktop or laptop computers.

Security policies should also identify safe practices for handling email. Such practices include not opening attachments unless they are expected and come from a known and trusted source. Another important reminder to share with employees is that clicking on links or attachments in email or IM messages may also expose their computers to security risks.

The company security policy is also an appropriate place to establish guidelines for Internet use. The policy should inform or remind employees that security risks are often automatically and secretly installed on computers when the user installs a file-sharing program, free download, or freeware or shareware version of software. Employees must understand that only applications approved by the organization should be deployed on their desktop computers.

Protective Technologies

Small businesses have a wide variety of security technologies available to protect their servers, gateways, desktops, and laptops from current and emerging threats. These include antivirus, antispyware, intrusion detection, and firewall software. What's more, these technologies should be deployed at multiple tiers of the company's IT infrastructure to ensure that both incoming and outgoing threats that evade one level of protection are stopped at another.

A number of endpoint security solutions are available in business packs that make protecting multiple desktops and servers more cost-effective. In addition to detecting and removing dangerous viruses, worms, and Trojan horses, these solutions automatically block spyware installation, detect and remove stealthed spyware, and even provide web-based reporting.

Also available are tools that combine antivirus and firewall capabilities to eliminate malicious code and block online intrusions through one integrated solution. The graphical reporting, centralized management, and automatic protection updates these solutions offer make it easier to defend desktops, laptops, and file servers against known and emerging threats.

Security tools for handheld devices can also help small businesses safeguard their information. These technologies find and remove viruses on smartphones and other handheld devices and include a built-in firewall to block unauthorized access. These solutions are often offered both as a service and as a traditional product.

Another security option to consider is a hosted mail security solution to protect against spam and viruses. Often offered on a subscription basis, these types of offerings give small businesses enterprise-strength antispam and antivirus technologies in a quick, easy, cost-effective service.

A final component of a strategy to protect business is vulnerability management. Vulnerabilities in software are discovered and exploited every day, making it critical to keep applications up-to-date with the latest patches. Software vendors typically make these updates available for download from their websites, and these sources should be routinely checked so that patches can be installed as quickly as possible after their release.

Backup and Recovery

Protecting data also requires tools that enable small businesses to back up and quickly recover data in the event of a security incident, natural disaster, or simple user error. A disk-based backup tool is usually the easiest and most hassle-free solution. Although tape has dominated as the backup and recovery medium of choice for years, advances in disk-based backup technology make it a faster, cost-effective, and more efficient and flexible alternative to tape.

At the same time, continuous data protection capabilities augment the benefits of disk-based data protection by enabling small businesses to ensure that data is always protected. By eliminating the traditional backup window, these tools also give small businesses instant, granular recovery capabilities. Solutions have emerged that not only enable data recovery but also system recovery, complete with operating system, applications, patches, system updates, configuration settings, and more.

With these new tools, small businesses can restore systems even if new or repaired hardware is not yet available and, instead, restore to a virtual environment. Then, when hardware becomes available again, the same systems can be restored from a virtual machine back to a physical one-without impacting business continuity.

These backup and recovery mechanisms should be part of an incident response plan that anticipates possible challenges and details the most appropriate response for minimizing data loss and getting the business back up and running as quickly as possible.

As the Internet's untamed territory continues to draw the attention and activities of cyber outlaws, hackers, and the like, small businesses can defend against information theft and business disruptions by putting in place an actionable protection strategy.

By creating and enforcing a solid security policy, and then supporting it with technologies and tools for data protection and business continuity, small businesses can safely take advantage of the opportunities the Internet has to offer and thrive in today's highly competitive digital world.

This story was editorially selected as relevant and is used with permission from Symantec. PC World received no compensation for posting this article.