High tech securityData loss and network downtime can spell financial disaster in any businessStory by Jessica La Plante-Wikgren EACH YEAR, CYBERCRIME COSTS BUSINESSES and consumers more than $100 billion in damages and losses. Data security and data storage is an issue that is too often overlooked when business owners contemplate threats to their financial security. Securing local networks ACCORDING TO THE NATIONAL ARCHIVES – the federal government’s record management agency – 93 percent of businesses that lose their data centers for 10 days or more file for bankruptcy. Of those that file, 50 percent do so within the first week of the incident. While most businesses have firewalls and anti-virus protection in place, too many companies let that security lapse by failing to keep technology up-to-date or failing to upgrade network security as their computer system grows. Paul Molchany, an Appleton-based commercial sales manager for Time Warner Cable Business Class, said it’s not uncommon to see small businesses using McAfee and other security suites designed for home computing. While such programs provide ample protection for home users, some programs designed for home use are missing core features needed to safeguard business data. To help small and medium-sized businesses beef up their PC and network security, Time Warner Cable launched its managed security services in 2004. Time Warner offers three levels of network security to meet the needs of business customers with limited IT resources. The basic package lets a business user manage the security service online and view threat-analysis reports through a Web portal. “We have a sophisticated method of monitoring threats that are coming in,” said Cory Feidt, resident network engineer for TWC’s Wisconsin network. “The program interprets and deciphers (threats) and assigns levels of priority.” Interpreting the urgency and severity of a security threat based on raw data is one of the greatest challenges of network security, especially for small businesses without dedicated IT personnel. TWC’s software simplifies that process by translating unrefined data into easy-to-read graphical reports and classifying threats by severity. The company’s advanced security solutions go one step further, providing active monitoring and intervention by TWC’s security experts. Every time a threat occurs, TWC will contact the business owner and provide technical support. If the customer is not available, TWC will intervene on the customer’s behalf to resolve the threat. Time Warner Cable’s managed security products reflect a growing trend within the IT industry. As hacking attempts become more sophisticated and small businesses need tighter security, more Internet service providers offer customers complete security solutions for a flat monthly rate that includes installation, automatic updates, and access to 24-7 technical support. TDS Metrocom also offers its business customers a no-fuss network security solution. With TDS’s Network Defender program, maintaining a high-performance firewall on carrier-grade, Cisco equipment is as easy as logging in to a Web site. The firewall is pre-installed on the routers and gateways TDS supplies to its customers. To activate the service, a business only needs to subscribe to Network Defender and set up security policies using an online interface. A TDS employee walks customers through the set up process the first time they log in. The firewall is constantly being upgraded through automatic updates that ensure a business never falls behind the technological curve. Customers can view network traffic and security reports through a Web portal that logs any unauthorized attempts to access the network. “You can see all that information real-time wherever you’re at,” said Scott Meier, managed services product manager for TDS. The service also includes bandwidth monitoring. Because the firewall resides on the telecom’s equipment and is backed up on its central server, TDS can provide technical support without having to commute to the customer’s location. TDS receives notification of any security events that occur and can assist business users when an attack or threat does occur. “We want small to medium businesses to focus on their business and not (worry) about whether the network will work today,” Meier said. Purchasing network security services through an Internet service provider has become increasingly popular with small businesses, partly because a fixed monthly fee makes it easier for businesses to forecast their IT budgets. By comparison, trying to achieve the same results in-house could quickly result in runaway costs if a business is not careful and tech savvy. “We’ve protected our core network for years like this and now we’re trying to bring that expertise down to the customer level,” Meier said. One of the potential costs of trying to do network security in-house is the risk that a security hole would be overlooked, leaving customer data unprotected or under-protected. Once customer data is lost, stolen or compromised, a business is obligated by law to notify all affected customers. “Most security breaches come down to human error – either an employee not following guidelines or not configuring the network correctly,” Meier said. In addition to offering a complete network security solution, TDS has partnered with F-Secure to deliver a PC security suite for small businesses and residential customers. A combined anti-virus and anti-malware program, PC Defender is included with all TDS business-class broadband subscription plans and is also available as a standalone product. A backup plan EQUALLY IMPORTANT AS NETWORK SECURITY is preventing data loss due to hardware failure or natural disaster. Traditionally, small to medium-sized businesses were forced to use a manual, tape-based backup system that was expensive and required off-site storage in a controlled environment. “A tape backup solution is very costly for a small business,” Feidt said. “For a business with one to five PCs in a network, it’s not a cost effective solution.” Online backup and data storage is a low-cost alternative that is rapidly gaining a following among small businesses. Without breaking the IT budget, companies can automatically back up data online and store encrypted data on secure, offsite servers. Time Warner offers its clients a cost-effective backup utility and storage product called SmartDrive. Although backups are performed automatically in the background, the customer maintains complete control over the process. Using a Web-based application, the business owner or administrator decides how frequently backups should occur, which directories or folders are copied, and whether employees have the right to access the data online. One gigabyte of SmartDrive storage is included with all Time Warner Cable Business Class broadband subscriptions. Above that threshold, a monthly fee is charged based on the volume of data stored. “SmartDrive allows businesses to back up important files and directories; once they’re on our servers, all the files are encrypted,” Feidt said. Accessing data anywhere In addition to the peace of mind that backup provides, another advantage of using an online service is the convenience of accessing mission-critical data anywhere there’s an Internet connection. MozyPro is more than just a backup utility, but a Web-based file-sharing system, said Devin Knighton, public relations director for Mozy.com. Two years ago, Mozy released a business version of its popular backup utility that now serves more than one million users worldwide. Today, MozyPro provides affordable backup and remote storage to more than 40,000 business users. A MozyPro software license costs only $3.95 per month per computer, and businesses are charged 50 cents for every gigabyte of data stored on Mozy’s servers. From a Web-based administrative console, “you can manage between five to a few hundred computers,” Knighton said. “You can see who is backing up data, when they’re backing up and you can set permissions.” Using the online console, businesses can set specific criteria for backing up files. For example, “you might want to set a policy that nobody can back up music files except maybe the advertising department,” he said. Mozy manages more than “15 million gigabytes that are stored in disks and hard drives,” Knighton said. “We have redundancy built in, so we can lose a whole stack of disks and still be able to recover your information.” The company prides itself on maintaining high security standards. Mozy uses the same encryption technology employed by financial institutions to transmit sensitive data. As more companies warm up to the idea of “cloud computing,” Web-based data storage has the potential to solve the data security dilemma posed by laptop computers and mobile devices. “A lot of business (assume) if they set up a central server and set a policy, employees will store their files on the server and their business information is safe from any disaster,” Knighton said. Knighton shares a dramatic example of how an online backup service can help businesses monitor and access files created or modified on laptops. Thanks to MozyPro’s automatic backups and online reporting, a Michigan business owner recently apprehended a thief who had broken into his office building and stolen his laptop. Because MozyPro performs automatic back ups whenever it is connected to the Internet and detects new or altered data, the laptop thief unwittingly disclosed his identity when he saved personal photographs and files to the computer, not realizing that MozyPro was quietly copying and transmitting those files in the background. The business owner was able to retrieve that data through Mozy’s administrative Web portal and gave police not only the suspect’s name and phone number but also an identifying photograph. As a result, the suspect was apprehended and the laptop was restored to its rightful owner. Data recovery dress rehearsal While having a backup program in place is important, developing a recovery plan is an equally essential step, said Glen Orsburn, chair of Fox Valley Technical College’s information technology department. Orsburn compares a backup routine to practicing football but never playing a game. How do you know how good you are unless you put practice into action and test the effectiveness of your game plan? “Most companies will have a backup plan and maybe even a recovery plan but do they ever put it into action?” Orsburn said. “Do they ever try to recover? Probably not.” Orsburn stresses the importance of not only disaster recovery planning but also performing data-recovery drills. To test a backup system, “try recovering information from two weeks ago,” Orsburn said. “How much time did you lose? If you try to recover it manually, you start realizing how important that data is to your (ability) to function.” Businesses also should ask themselves whether they can retrieve data in a usable format. “Periodically, you should be testing your backups to make certain that you could actually restore,” Orsburn said. “If you’re not testing, how do you know what you’re really doing?” To protect data from natural disaster, businesses that use tape-based systems should store the backup tapes in a climate-controlled, offsite facility. Orsburn recommends hiring a contractor to assist with transport and storage requirements. Investing in a backup system is a major decision that should not be taken lightly. Before committing to a backup solution, companies should network with other businesses to research what they’re doing. In addition, the Association of Information Technology Professionals is a fountain of IT knowledge and networking opportunities. When shopping online, don’t settle for testimonials. Ask for references you can personally contact and investigate the company’s background before you commit. “A small business has just as much to potentially lose as a big business,” Orsburn said. Being able to quickly recover mission-critical data “could be a matter of whether a company stays afloat or doesn’t stay afloat,” he said. “You can’t supply, reply or do anything for your customer if you’re in a downtime or if you’ve lost data.”
Jessica La Plante-Wikgren is a freelance writer based out of Green Bay. She previously worked as a feature writer and staff reporter for The Door County Advocate and the Green Bay News-Chronicle. La Plante-Wikgren can be reached by email at jlaplante@centurytel.net. |