Some ways to prevent a data security breach

DATA SECURITY:
• Emerging threats to your PC

As a small-business owner, you may be missing key signals that your computer network has been compromised.

Maybe there's a sudden spike in traffic on the network. Or the system responds sluggishly.

Perhaps some data are inexplicably missing or corrupted. Or suddenly the system is run ning out of hard disk space.

Pop-ups may start to appear or Internet browser errors occur. Maybe there are no perceivable symptoms, yet plenty of mischief is going on.

Data compromises happen a lot.

Gene Fishel, chief of the computer-crimes section at the Virginia attorney general's office, said that since January the state has received 59 data breach notifications from companies that do business in the state.

Here are some steps that your small business can take to try to prevent a security breach:

• Put measures in place to detect attacks.

"Deploy network and system-level defenses," advised Inno Eroraha, president and chief forensics analyst at NetSecurity Corp., the Dulles-based computer forensics and security consulting firm.

• Install reliable and verifiable backups of critical data systems.

If your server crashes, you will need to retrieve your company's backed-up data and put it onto a new server.

Do you know if your data backup system has been working properly?

"That's why it needs to be verified on an hourly, daily or weekly basis," said Paul R. O'Donnell Jr., sales manager at Network Data Security Experts Inc. in Richmond. "We have software that monitors that."

• Know every person who has access to your network data.

Your intellectual property, client data and accounting information are the lifeblood of your business, O'Donnell said.

Someone unauthorized on your system can steal, use or sell your company's confidential information. "That's how identity theft takes place. If a breach happens tomorrow, it could be months before it gets noticed."

• Educate workers and all others who have access to your network.

"It doesn't matter how much you spend on a firewall," Eroraha said.

"If users are uneducated, an attack can come in the form of an e-mail saying, 'Click on this link or picture.' Once you click on an attachment, you're wide open," he said. "Employees are always the weakest links when it comes to security."

Train employees during orientation and at least twice a year about the risks of using your network and the Internet.

• Initiate a company policy.

"Having a good policy is critical," Eroraha said. It should spell out acceptable behavior when using the network.

It might say, for example, that the network should be used for business purposes only and all violations will be subject to disciplinary actions.

It should establish a strong password-selection policy and rules governing e-mail, Internet and instant-messaging use. It also should have a policy on remote access and laptop use.

• Keep current anti-virus software and anti-malware on all systems.

Outdated security software won't work against new threats, O'Donnell said. "It can leave your system wide open to new threats every day."

Keep up to date on all patches. A patch, a piece of downloadable code, fixes computer bugs and vulnerabilities in the system. "Unpatched software is an easy route to exploit business systems," O'Donnell said.

Contact Iris Taylor at (804) 649-6349 or .