
How To: Set Up Multi-Layered Security

Courtesy of Symantec

Tuesday, April 22, 2008 1:00 PM PDT

Keeping information assets secure is challenging for any business, regardless of its size. It seems there's no limit to the ingenuity and maliciousness of today's cybercriminals, hackers and identity thieves. In fact, hackers have become so sophisticated and organized that their operational methods are similar to those of traditional software development and business practices.

What's more, while yesterday's attack activity consisted of a single compromise aimed at gaining access to the data on a computer, current attack techniques are multi-staged. Hackers use their initial compromise to establish a beachhead from which they can launch subsequent attacks.

With an estimated 1.25 billion Internet users worldwide, according to Computer Economics, cybercriminals have never had a bigger pool of potential victims from which to choose.

While these current threat trends should give any Internet user pause, they can be particularly worrisome for small businesses. After all, with confidential business information at risk yet limited IT staff on hand to focus on security, small businesses must be very vigilant. To that end, by putting in place multiple layers of defense, small businesses can protect their assets from increasingly complex, multifaceted threats.

An Actionable Plan

A sound security plan is the first step towards a multi-layered defense. To develop a plan, the company must assess its most important assets, identify vulnerabilities as well as the infrastructure and technology most appropriate for mitigating risk, then implement a strategy for putting the plan into action.

Email is a prime example. It has become a critical business communications tool and is also a primary conduit for malicious code. Protecting email against viruses, worms, spam, Trojan horses, phishing attacks and other threats requires a variety of security technologies. These include antivirus and antispyware software, content filtering, and firewalls.

Such security technologies must be installed at various levels of the infrastructure, such as the gateway, mail servers and desktop or laptop. This way, threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop.

Tiers of Protection

The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Outgoing mail is also checked to prevent viruses and inappropriate content from being sent from the company's email addresses.

Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution should work together with the email program to provide a greater degree of protection against malicious code.

One of the most convenient and hassle-free ways to protect servers and gateways is to use a security appliance. These preconfigured and tuned, self-contained units are easy to integrate into an existing network, and they work together with the email server or gateway. Known for their quick setup and low maintenance, appliances automatically perform a number of critical security tasks, including updating firewall rules and virus signatures, and can provide extensive reporting and personalization.

Desktops and laptops are one of the most important tiers to protect. These systems should be outfitted with a combination of security technologies, and many integrated security suites are available that provide antivirus, antispyware, firewall, intrusion detection, and other critical capabilities. Emerging suites are also offering identity protection capabilities as well as browser and phishing protection.

Reduce Vulnerabilities

Even with the use of security technologies, small businesses can be open to attack by malicious users. New vulnerabilities (that is, design or implementation errors, usually in software and applications) appear every day. These vulnerabilities may be triggered passively during routine system operation or actively, either by malicious users or even by automated malicious code.

According to the most recent Internet Security Threat Report from Symantec Corp., nearly 2,500 vulnerabilities were documented just in the first six months of 2007. Vulnerabilities in Web applications and Web browsers represent one of the most serious security concerns for businesses as well as consumers. Malicious code designed to exploit such vulnerabilities is a threat to confidential information.

Consequently, it is essential that small businesses keep their software and applications up-to-date with the latest patches. Updates to everything from Microsoft Office applications to new operating systems should be routinely checked for and downloaded. These patches and updates can be found on the specific vendor's website and their installation is particularly critical after a new product is released.

Educate Staff

Security-aware employees can be one of the most effective deterrents to malicious threats. After all, the company network is only as reliable as its weakest link, and too often users do not understand what best practices are regarding computer security. They may not follow guidelines for opening email, creating and using passwords, and more.

To that end, small businesses must document correct security practices and provide training sessions and reminders to help employees practice safe computing. Such education and training sessions should direct employees to avoid installing unapproved software and to be sure to get approval for any programs they need. Security risks may inadvertently be installed on computers along with the installation of file-sharing programs, free downloads, and freeware and shareware versions of software.

Employees should also be advised to never turn off antivirus and other desktop or laptop security solutions and, if such programs are creating a conflict, they should request help rather than disable the security application.

Employees should also be informed of correct email practices; that is, they should never view, open, or execute any email attachment unless the attachment is expected and the purpose of the attachment is known. They should also avoid clicking on links in email messages.

Finally, employees should ensure that their passwords are a mix of letters and numbers, and they should change them often and keep them confidential.

Back It Up

Small businesses can lose important data through inadvertent actions or unforeseen natural disasters. Consequently, it is important to protect this data by backing it up on a regular basis.

Today's disk-based backup solutions require little effort after initial setup and enable businesses to maintain backup files on an offsite server as extra protection should any physical damage occur to the business. By backing up business data, small businesses make sure they have access to important records at any time, even in the wake of a security event or other disaster.

As security threats continue to increase in frequency and complexity, small businesses must be vigilant and proactive in employing security measures. By implementing security solutions at multiple tiers, patching vulnerabilities, educating users, and keeping critical data backed up, small businesses can continue to leverage computer technology to keep their businesses competitive in an increasingly sophisticated digital marketplace.

This story was editorially selected as relevant and is used with permission from Symantec. PC World received no compensation for posting this article.
