by Bob Bengel, NWIRC President/CEO

For years, large businesses in the United States have been actively pursuing information security with significant resources, including technology, people, and budgets. However, hackers and cyber-criminals are now focusing more of their attention on less secure small businesses. As a result, it is critical that each small business appropriately secure its information, systems, and networks.

According to Symantec’s Internet Security Threat Report (April 2009), there were over 1.6 million new viruses and other malicious programs detected in the prior year. Many, if not most, of these viruses and malicious code programs are used by organized crime to steal information and make money by selling or illegally using that information.

While it is not possible for any business to implement a perfect information security program, it is possible (and reasonable) to implement sufficient security for information, systems, and networks that malicious individuals may go elsewhere to find an easier target.

The following ten actions are deemed “absolutely necessary” by the National Institute for Standards and Technology (NIST) for any small business to provide basic protection for its information, systems, and networks:

  1. Protect information/systems/networks from damage by viruses, spyware, and other malicious code.
  2. Provide security for your Internet connection.
  3. Install and activate software firewalls on all your business systems.
  4. Patch your operating systems and applications.
  5. Make backup copies of important business data/information.
  6. Control physical access to your computers and network components.
  7. Secure your wireless access point and networks.
  8. Train your employees in basic security principles.
  9. Require individual user accounts for each employee on business computers and for business applications.
  10. Limit employee access to data and information, and limit authority to install software.

Additional information may be found on the NIST Computer Security web page at: https://csrc.nist.gov.