Search:

How can I protect my small business from e-terrorism?

The California Society of Certified Public Accountants suggests that small businesses take the following steps to protect against the effects of e-terrorism, random hackers or virus passers. These suggestions were compiled from CPAs throughout California who are systems and business consultants:

  1. Do not put sensitive information on a PC running windows that is always and directly connected to the internet through a fiber-optic cable or DSL line.

  2. Put a properly configured firewall between your office machines and the internet. A firewall will keep outsiders from seeing or poking-at your office machines, especially when you're not around.

  3. Keep your own website completely separate from your sensitive business information. Have an Internet Service Provider maintain your Web server and assume that this machine will be hacked into sooner or later.

  4. Never download and run a program from the Web or received as e-mail attachment unless it comes from a reputable source and you have a really good reason for running it.

    4a. Assume that every floppy or program you get from the "outside" is ridden with viruses, unless you have reason to be certain otherwise.

    4b. Separate business from pleasure. If you want to run screen savers, games, or other downloaded software, do it on your "fun" machine (perhaps at home). Make sure your staff does the same.

  5. Don't use Internet file transfer protocols telnet or FTP (though anonymous FTP is ok). These protocols send passwords used to log onto remote servers in clear text over the internet. If you have to log onto other machines on the Net, use encryption products such as SSH Secure Shell, easily down-loadable from the Web.

  6. Regularly use commonly available virus scanners such as Norton Antivirus to catch bugs that make it into your system.

  7. Configure your PCs not to boot from floppy or CD. They should always boot from the hard-drive directly. Viruses are often lurking on floppy disks and CDs.

  8. Get a systems pro to verify your setup is secure.

  9. If suppliers are attacked and cut off, be sure you have fall-back arrangements with other suppliers to ensure your business isn't interrupted.

  10. Review your business interruption insurance policy and be sure it doesn't explicitly exclude cyber or e-terrorism as causes of loss.

Have a question for a CPA? Ask it here.