Wednesday, May 6, 2009

Small Businesses Need Big Security for Documents, IP, Records, and Communication

Full article at http://www.powerhomebiz.com/News/052009/smallbiz-security.htm:

Jason Miller never believed that he would need any additional security for his six sigma corporate consulting business. He had most of his business files stored safely on his laptop, which only he had the password to. He rarely kept documents in hard copy form, and even those were locked away safely in a file cabinet inside of a locked office. When sending files, instant messages, and presentations over the internet, he trusted they would get to their final destination. Why shouldn’t he, considering millions of americans do the same thing every day?His false sense of security was compromised on March 9th, following a visit to a local coffee house. During his visit there, he logged in with their free WiFi service, and conducted his business in true teleworking fashion. He sent several emails, updated his company payroll data, sent several instant messages, and distributed previously prepared reports to three different clients. Little did he know, a prankster had placed a “sniffer” on the WiFi network, and had compromised all of his typed communications for that hour, along with sent files, and email addresses.

By 10:00AM in the next day, his business was in tatters. The prankster had posted all three reports online, and notified the business contacts of that fact. Two of them had cancelled their contract with him citing gross negligence and a breech of confidentiality. The prankster had also sent a copy of his payroll report to the entire company, causing 2 of his consultants to quit over the recently discovered pay descrepancies. Sadly, it could have even been worse, had his financial institution log-ons also been compromised.

Many small businesses are finding out this lesson the hard way, and very few are guarding against it. This is especially critical for companies who deal in personnel records, financial data, health records, technology IP, planning, consulting, and anything else that is sensitive or jeapardizes their companies reputation. Many companies who lose data also find themselves receiving fines so large that it single-handedly forces bankruptcy.

HOW TO PROTECT YOURSELF:

If you never share files over the internet (email, IM attachments, etc..) you have to focus on “hardening” your laptop, with one of the known vendors in the industry. The key, is finding a solution that has 128-bit AES level security built in, so that if your laptop is compromised, all data stored on the harddrive is scrambled and encrypted. At that level of security, there isnt a single document which can be deciphered by a snooping thief. (www.PGP.com, www.guardianedge.com, www.safebit.com, and www.mcafee.com are some of the many vendors who sell this type of product)

If you share some files over the internet but do not send very many communications, you can compliment your disk protection with the use of a VPN solution to “harden” your pipes. Some VPN solutions for small business are (www.smallbusinessvpn.com, www.strongvpn.com, and www.openvpn.com)

If you share files over the internet, and send communications as well, you can use VIA3 from www.viack.com to protect everything you send from point to point. VIA3’s AES level 128 bit security can protect your instant messages, online presentations, online demos, online training, group chat, workspaces for document sharing, and removes the need for a VPN.

WHAT IS AES?

According to the Web Conferencing Council www.webconferencingcouncil.com , Encryption is the process of changing data into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key (password). AES stands for Advanced Encryption Standard. AES is a symmetric key encryption technique which will replace the commonly used Data Encryption Standard (DES).
It was the result of a worldwide call for submissions of encryption algorithms issued by the US Government’s National Institute of Standards and Technology (NIST) in 1997 and completed in 2000. The winning algorithm, Rijndael, was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. AES provides strong encryption and has been selected by NIST as a Federal Information Processing Standard in November 2001 (FIPS-197), and in June 2003 the U.S. Government (NSA) announced that AES is secure enough to protect classified information up to the TOP SECRET level, which is the highest security level and defined as information which would cause “exceptionally grave damage” to national security if disclosed to the public.