
TO SERVE AND PROTECT

  • Naomi Hulbert
  • 18 February 2008

This month, Think Tank tackles the issue of protecting your business from all angles: from online security threats and hackers to workplace relations laws.


Topic 1: Online security & fraud

Naomi: What can SMEs do to protect their networks and computers from small-business specific threats?  

David: Anyone running a small business knows the challenge of being the company’s under-resourced Captain Kirk, and not having teams of engineers, doctors and security experts on-call to ensure everything is ship-shape and travelling at warp speed. 

Naomi: Man, you’re a nerd.

David: Yes. When you’re a busy small business owner – and Trekkie – it’s easy to forget or neglect to ensure your business’ IT runs securely and your intellectual property is protected, and this is a critical issue. 

Seamus: Online security is really one of those complex issues where some people are getting too worried, and others just aren’t worried enough. You should certainly pay attention to what you’re doing with security online, but you shouldn’t get so worked up about it that you refuse to get out there and use the net to its full commercial potential. 

David: That’s true. As technology and the net have matured, so have the many security issues, so we’re in a lot more danger than just simple virus threats on our PCs. But on the other hand, these threats have largely been mitigated by the many anti-virus offerings around. 

Seamus: If you’re really concerned, then you should think about buying a Mac. Seriously! Pedants love to point out that a virus could appear any day and spoil the Apple love-in on this, but the practical reality now is that the malicious viruses doing the rounds online aren’t targeting Macs. You’ll also be using something other than Internet Explorer (either Safari or Firefox), and avoid some of the classic online pitfalls aimed that way too. If you can get the software you need on there, a Mac could whisk away one of your greatest concerns. 

Giles: Protecting online business these days is not just about stopping someone from costing you money. Since most business websites probably contain business information and possibly even customer details, business owners are liable under a number of Acts to ensure the information is kept secure. These include the Privacy Act, the Corporations Act 2001 and the Trade Practices Act. 

David: Business owners need to guard against violations that threaten their online activities in the areas of ecommerce, internet domains, hackers, bandwidth theft, identity theft, registration and advertising scams. Because we’re not Captain Kirk and we can’t just call security to strengthen our protective shields against Klingons, it’s our responsibility to protect our enterprises from external threats.

Giles: Hackers are a very real and common threat, always testing websites for vulnerabilities that can be exploited to access valuable personal data and financial information. 

Naomi: How can business outwit hackers? 

Giles: The most obvious first step is to employ a suitable firewall. Of course at least one server will need to be accessible through the firewall for the website to be live, but if you use database technology to store customer information, you should store this on a second server behind the firewall to reduce the risk of unauthorised access to that data. 

Seamus: But people should never forget that unless they have their wireless on its own special sub-network, if someone gets access to their wireless they are inside their firewall, and could do a lot of damage to their systems from there. 

Giles: Internet hosts such as NetRegistry can also supply Secure Socket Layer (SSL) technology to encrypt private data as it is transferred across servers and routers. With sensitive financial transactions happening over the internet, SSL encryption prevents the data being of any use to a website and the bank.

Seamus: A tip I’ve picked up is looking for the stealth settings on your broadband router. It will usually be in there somewhere, and what it means is that your network ports will just ignore any attempts to knock on your network door to see who is home. This means automated scanners looking for soft targets will just move along, because they won’t even know you’re there. Standard network settings will respond to every knock with what amounts to a ‘closed’ message, but that lets a hacker know there is a potential target at that address. I think these days most people are pretty good at locking down their wireless networks. But, just in case, lock it down, people! For the best results, turn off SSID broadcasting so you have to specifically tell your computer the name of the network you want to join. This is an almost foolproof way to never have people just stumble upon your wireless. Use Wi-Fi Protected Access (WPA), not Wireless Encryption Privacy (WEP), for your security: WEP is very easily broken. 

David: The ACCC (Australian Competition and Consumer Commission) has a very handy website called SCAMwatch (www.scamwatch.gov.au). It’s a great resource for business people wanting information on more secure online activities. Business scams can range from false advertising to fraudulent government requirements to send money. 

Seamus: One big scam that gets me is the nasty letters you can get from dodgy domain resellers, claiming you must fill out the form and send it back if you want to keep your domain name. The Australian domain authority seems to be doing pretty well to shut these jokers down, but it’s worth flogging the topic because it would be very easy to get sucked in on this one and then held to ransom if you want to get your domain back or move it somewhere else ever again. 

Naomi: Does anyone actually send money to those ‘buried treasure’ scams from Africa? Isn’t it just common sense? 
