AutoInc. Magazine
 
 
  Special Feature

Don't Leave the Back Door Open

Posted 9/11/2007
By Angie Kilbourne

Opening your business to the Internet allows small businesses to play at the same level as chains and dealerships. It also exposes shops to the same digital threats to information and productivity.

Only a decade ago, large companies were the almost-exclusive users of business technologies such as e-mail and high-speed Internet. But today, even the smallest businesses are reaping the benefits of the latest digital technologies. In today's competitive repair market, e-mail, Web sites, online appointment forms and electronic direct marketing efforts are helping shops stay in constant contact with their customers, business associates and related partners.

However, the deployment and use of these technologies doesn't come without its own set of headaches. Simply put, electronic threats to information security and productivity are no longer the worries of just big corporations. By opening the doors of your business to the Internet, you face the same risks that early adopters continue to battle.

Why me?

You may think your shop is just a small fish in a big pond. But that's exactly what cyber criminals are looking for: a business that doesn't have the luxury of a fully staffed, experienced information technology (IT) department to oversee operations.

It starts with your Internet connection, especially those broadband connections so critical to a shop's day-to-day operations. Broadband connections are on the rise, both in homes and businesses; AutoInc.'s own "How's Your Business?" 2006 survey highlights the fact that more than 90 percent of the respondents connect to the Internet via DSL or cable service. You need the fast downloads and lightning-quick browsing speeds to access service information and e-mail your customers. Criminals love broadband because they can get into your computer system even quicker.

"What people don't get is that when you're connected to the Internet, the Internet is connected to you. It's a reciprocal relationship," said Steve Gibson, president of Gibson Research Corp, who was quoted in PCWorld magazine. "There is a serious, not just a hypothetical, risk - a consequence - that involves a responsibility with a connection to the Internet. Yes, it is wonderful. Yes, there is really cool stuff out there, but there are also people without your best interest at heart."

Clearswift, a Redwood City, Calif.-based firm that specializes in e-mail security products, released a 2006 white paper titled "Simplifying Content Security." In the report, it found that just a few years ago, the vast majority of business-related content resided as "structured data, living within the controlled security of corporate applications and databases." Clearswift pointed out that 80 percent of business data is held today in unstructured environments - e-mail, text documents, PDFs, presentations, and spreadsheets - and circulates freely within and outside of company environments. Consider that point in relation to your own organization.

We're not talking pranksters here

These attacks aren't just limited to the familiar spyware, viruses, Trojans and worms. Add to the list phishing, vishing, pharming, phaxing, and the deadly denial of service (DoS) attacks. Now throw in theft of equipment; data breaches, both accidental and intended, by employees, customers or vendors; and the "uncontrollable" factors, such as racial, sexual or criminal content within e-mails or planted on a Web site unbeknownst to the company. Clearly, this isn't a few college kids out for a virtual joyride.

Let's look at some clearly plausible examples of information breaches that can occur within a business:

  • Your administrative assistant accidentally attaches a document containing all of your employees' salaries and e-mails it to the entire staff.
  • You, in an effort to stay productive, check your e-mail from your laptop at the airport while waiting for a flight. Your customers' and employees' personal information is hijacked through the airport's unsecured, wireless system.
  • A "joke" e-mail containing offensive language is passed between employees, and one worker sues for harassment.
  • An inconspicuous link shows up on your Web site that leads to pages containing child pornography, triggering an investigation by the FBI.

Starting to feel a little queasy? Does the possibility of one of these breaches actually occurring - and leaking out to the media - give you a bad taste in your mouth? Well, rest assured, you aren't the only one.


The Battle Plan

  1. Know what kind of information must be protected and from whom - both inside and outside your organization.
  2. Develop company policies and procedures and educate your users about them, as well as providing regular IT security information updates. Your policy should clearly state what may or may not pass through the company's electronic messaging systems, such as e-mail and instant messaging.
  3. Make sure all of your computers and software are up-to-date.
  4. Verify that standards are not being violated and that systems are not being compromised, as promised.
  5. Understand there is an inconvenience factor tied to system security.
  6. Include a disaster plan of recovery in your overall IT security policy.

Source: The National Federation of Independent Business


Katy, bar the door

"But I've got virus protection and firewall software installed," you say. It's a great start, considering the frightening numbers of surfers out there who still don't use these simple precautions. But it's just the tip of the iceberg.

The 2006 Clearswift white paper points out that although firewalls protect against network attacks, they are designed to allow e-mail and Web traffic to pass through unscathed. Anti-virus software will catch most viruses coming in; however, it only works on known viruses and is only effective when the software is up-to-date. Further, depending on the product, it can miss viruses buried deep within files that appear to be harmless.

In early 2004, Microsoft founder Bill Gates predicted that spam would be eradicated by the end of 2006. Someone should ask Gates to check his e-mail. In a May 2007 white paper produced by New York-based MessageLabs, "Effectively Securing Small Businesses from Online Threats," spam is the "silent killer" for small businesses. If a spammer decides to target your business, your e-mail server could effectively be overwhelmed, shutting down the system and stopping commerce in its tracks.

The company's research shows that "one out of every 1.33 e-mails is spam, one in every 126 messages contains a virus or Trojan horse threat, and one in seven employees will handle some form of harmful Web content." Given the overwhelming numbers of malicious messages out there, spam continues to be a criminal's method of choice for infiltrating any organization.

The best defense is a good offense

Shop owners and managers need both a battle plan and the proper weapons to battle these threats to a company's integrity and economic health. It starts with securing your system. Here are some tips:

  • Disable all file- and print-sharing programs on every system.
  • Ensure every computer and server within your network has anti-virus, firewall, anti-spyware and anti-spam software, and that each piece is updated both regularly and frequently.
  • Enable your anti-virus software's Netshield capability, which scans the incoming packets for virus signatures and immediately blocks and notifies you of potentially harmful packets.
  • Install updates and patches for operating systems as soon as they are released, especially with Microsoft products because of their mass appeal.
  • Whenever possible, shut down your broadband connection when not in use. Information continues to flow between the Internet and your computers, even when the computer is turned off.
  • Do not download or open files, especially e-mail attachments, from non-trusted sources. Scan all downloaded files before proceeding. But understand that some script files are necessary, especially when updating systems.
  • If you employ a wireless connection within your business, treat every wireless device as an unknown user. Require authentication and encrypt data traffic.
  • Do not collect information that you don't need from customers. Remove all customer and employee data that is not necessary, and ensure your policy outlines proper procedures for the destruction and disposal of all sensitive data - from paper copies to disks and drives.
  • Disable and remove all idle user accounts within your system.
  • Back up your systems daily. Your backup should include an uninterruptible or dual power supply and off-site storage.

Barely scratched the surface

We've only touched on the basics here, and in the time elapsed between my writing and you reading this piece, millions of attacks on businesses and home users will take place.

One thing is clear for the future of the professional service provider: Dependence on electronic communication between businesses, customers and vendors will only increase. Every security compromise, big or small, only erodes consumer confidence and slows the growth of your business.

Don't be the one making headlines. Do your homework and secure your most precious asset: information.


Recommended Reading

Interested in doing more research on the topic of Internet security? Please see the September 2007 issue of Consumer Reports magazine. The issue contains:

  • 19 ways to protect yourself online
  • New threats to avoid
  • Best software for viruses, spam and spyware
  • How to avoid getting hooked by a "phish"
  • and much more


     
    Copyright (c) 1996-2008. Automotive Service Association. All rights reserved.