MALAYSIA COMPUTER SECURITY FOR SMEs The Star Online : TechCentral - Malaysia Technology: "Internet Security for SMEs

By ANDY MILLER

Security has become the biggest networking headache for companies, as IT and data network managers daily fend off spam, virus, phishing, spyware, trojan, keylogging and other attacks.

To address this, companies large and small alike, need to deploy a layered approach to security, starting with the basics. A datacentre, for example, should have a firewall, intrusion detection, secure authentication, physical security, and a backup mechanism.

Similar principles apply to SMEs and independent operators: they must make sure their data is secure, backed up and protected from viruses and other attacks, and their transmission of data must also be secured.

Computer users often are unaware of the potential value to criminal hackers of their own data. A credit card number or driver's license kept unsecured in a machine makes an attack worthwhile for thieves.

But computer security means more than just having the right software programs installed.

Individual behaviour is just as important.

E-mail encryption

When transmitting to a customer, don't just say "fill this in and send it to me by e-mail." Use encryption with your e-mail or set up a virtual private network (VPN) for your customers to access your company.

Encryption software scrambles material so those who don't have authorised access cannot read it; and it comes in many forms.

Individual files, folders or the whole hard disk, can be scrambled.

Some can make files invisible, including those on removable media.

Most operating systems already provide some encryption, but better and stronger encryption software can also be downloaded.

Don't forget to also encrypt e-mail folders - both in transit and when being stored on a computer. If your clients cannot use encrypted e-mail, consider using SSL VPNs to encrypt data in transit without having to install any software on your clients' PCs.

Downloads:

Cryptainer, which locks files and folders www.cypherix.com/cryptainerle/

LockMyPC, which encrypts an entire disk, and Hide Folders www.fspro.net/products.html

Pointsec solutions for PC, laptop and handhelds www.pointsec.com/core/default.asp

SecExMail Secure E-mail www.download.com

Physical security

The most basic of all measures is physical security. Look after your devices.

Take care of your laptop, your PDA and your CD-ROMs and removable storage disks that hold sensitive data. Ask yourself what might happen if your desktop PC is stolen or you leave your laptop in the back of a taxi.

For basic security, make sure you have password access to the device. A non-obvious password can be effective protection from amateur thieves.

However, professional thieves can get around the password by scanning the hard disk files directly which is why the data would be more secure encrypted.

Also, make sure you back up your data frequently either onto a CD-ROM or storage disk, and keep these in a secure place.

Online backup services are also available.

However, most criminal activity comes via the network rather than in the form of a thief physically stealing a computer.