DALLAS SMALL TO MEDIUM BUSINESS (SMB) ADDRESS COMPUTER SECURITY ISSUESOffice Security 'Important Issue' Among Smaller Businesses, ITSPA Survey Reveals; H-P, Intel and Microsoft Security Products Ranked Best by Nation's IT Solution Providers

December 07, 2004 11:00 AM US Eastern Timezone

Office Security 'Important Issue' Among Smaller Businesses, ITSPA Survey Reveals; H-P, Intel and Microsoft Security Products Ranked Best by Nation's IT Solution Providers

DALLAS--(BUSINESS WIRE)--Dec. 7, 2004--The nation's small to medium-sized businesses (SMBs) rank office computer security among the most important issues they face, according to a member survey conducted by the Information Technology Solution Providers Alliance (ITSPA), a national, non-profit alliance that helps SMBs understand how technology and local technology providers can help them succeed.


The ITSPA survey, which polled IT solution providers across the nation, indicated members spent nearly 25 percent of their professional time resolving SMB security issues ranging from fixing viruses to upgrading computer firewalls. Solution providers--companies that help SMBs purchase, customize and install technology equipment and software to meet business challenges--also indicated their clients have been hit by hackers or viruses an average of more than seven times in 2004.

Manufacturers Meeting Security Needs

"Internet attacks are growing at more than 60 percent yearly and helping small businesses with office security issues is rapidly becoming priority number one among IT solution providers," said ITSPA President Russell Morgan. "According to the survey, hardware, chip and software manufacturers are viewed by solution providers as stepping up to help SMBs meet this challenge. For instance, an overwhelming number of members believe computer manufacturers such as HP are developing security solutions that meet individual customer needs.

"HP received top ranking in the survey for developing customer security solutions, and IBM, Toshiba and Gateway followed in that order," said Morgan. "Solution providers also said their customers give high marks to software providers such as Microsoft for providing specific--and regular--security information and computer upgrades. And they praised chip manufacturers such as Intel for CPU designs that improve system security."

According to the ITSPA survey, the majority of solution providers ranked the following five SMB security issues as "most important":

1. Upgrading the computer network
2. Upgrading the computer firewall
3. Carrying out regular audits of computer and software inventories
4. Downloading computer security updates
5. Installing up-to-date anti-virus software


"SMB decision makers are more aware than ever that they are just as vulnerable to security attacks, viruses and worms as big businesses," Morgan said. "They also are realizing that their security systems and processes must be just as sophisticated as those at larger companies, otherwise they will be vulnerable to attacks."

Survey respondents said the factor that had the greatest impact on protecting their SMB customers' computers and systems was regularly updating security software. "Based on the survey, SMBs that download security updates, install anti-virus software and lock down their wireless networks using data encryption are best prepared to avoid computer and network security breaches," Morgan said.

SMBs 'More Vulnerable' To Security Attacks

"According to ITSPA research, SMBs are more vulnerable to security attacks than larger companies," Morgan said. "Although SMBs are not attacked as often as large companies, they are very vulnerable when massive computer attacks take place such as worm or virus outbreaks. Also, security at large companies is much better than in the past, which encourages hackers to view SMBs as an easy target."

ITSPA's Technology Committee, made up of IT directors from the nation's most successful solution providers, urged SMBs to begin now to put in place basic security measures designed to prevent outsiders from breaking into their networks from the Internet.

"It's been my experience that SMB product preferences for protecting individual computers include Windows Firewall, a feature of Microsoft Windows XP Professional with Service Pack 2 (SP2), as well as Norton Personal Firewall from Symantec," said ITSPA Chairman Andrew Levi, whose company, Aztec Systems, is a Microsoft Gold Partner.

Other ITSPA Technology Committee recommendations included the following:

-- Install anti-virus software and update it regularly. This software scans incoming emails for virus signatures and, if a virus is found, deletes or quarantines it. It's critical to update this software regularly with new definitions because there are hundreds of new viruses each month.

-- Keep your office computers safe. Not all computer problems start with viruses and hackers, but instead originate with unauthorized computer users. Make sure office computers are protected by locating them in secure areas. Log serial numbers to ensure computers can be identified if stolen, and etch these numbers--as well as company information--on hidden areas of the computers.
-- Set up an Internet firewall. This is your company's first line of defense and protects your local network from outside attacks by screening and blocking all traffic between your network and the Internet that isn't allowed. The firewall also hides computer addresses and makes them invisible to outsiders. Installing a hardware firewall is simple as it connects between the cable/DSL modem and computers on your network.

-- Strong passwords are best. It's hard to remember passwords, but why make it easy for hackers by using weak or simple words? Never devise passwords based on your real name, username or company name, or use easily-guessed numbers such as 1234. Change your password at least once a month, and use passwords that are eight letters or more in length with lower- and upper-case letters, numbers and symbols.

-- Download computer updates regularly. Older computer systems, such as Windows 98 or 95, should be discarded in favor of Windows XP Professional, which is more robust and secure. Security updates are downloadable at office.microsoft.com/officeupdate. Sign up for Microsoft Security Update, a free e-mail alert service designed for small businesses that tells you when to take action and what software to download.

-- Teach employees to safely use e-mail. The first rule of thumb is never open suspicious or unsolicited attachments. Avoid responding to spam, too, especially links that claim you will be removed from the spammer's mailing list. The second rule of thumb is never provide credit card numbers, passwords or personal information in response to email messages. Finally, check regularly for email updates and be sure to install anti-virus software.

-- Make wireless networks secure. Because wireless networks, known as 802.11 or Wi-Fi, use radio links instead of cables to connect computers, they are more vulnerable to hackers. Easy-to-buy tools allow hackers to listen in or transmit data on your network. Several encryption technologies, such as Wi-Fi Protected Access, are available to prevent such eavesdropping.

-- Get security help from a solution provider. Although there are perhaps 100,000 IT solution providers nationwide, not all are knowledgeable or experienced in security services. Before hiring a solution provider, ask to have documented the levels of security expertise. At a basic minimum, the company should have a Certified Information Systems Security Professional (CISSP) on staff. Ideally, the company also will have a Microsoft Certified Systems Administrator (MCSA) on staff, as well. Finally, look for solution providers that have a CompTIA Security+ Certification, which measures security competencies.

-- Perform quarterly security assessments. Have a reputable IT solution provider ensure that any current computer/network vulnerabilities are identified and remediated.

-- Build legislative requirements into security plan. Be sure your security plan includes appropriate legislative requirements associated with Federal Acts such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA.

About ITSPA:

ITSPA, the Information Technology Solution Providers Alliance, is a non-profit (501.c.6) organization dedicated to helping small and medium companies adopt technology and grow by using local solution providers to solve business problems. SMB customers, solution providers, along with manufacturers, publishers and networking companies who use the solution provider channel, are expected to benefit from the demand for technology generated from its programs. ITSPA began operations with a funding grant from HP. Additional sponsors can be found at our website. ITSPA's national headquarters are located at Renaissance Tower, 1201 Elm Street, Suite 4242, Dallas, TX 75270. The general business phone number is 214-965-8310. Visit our web site at www.itspa.net.

Contacts


ITSPA, Dallas
Jim Van Orden, 972-231-2575
jvanorden@itspa.net