Some computer malware recently infected a large local organization, wreaking havoc with several business functions including the ability to print and the ability to run several critical business functions. The organization has a very talented and capable IT department, but the malware found its way into their system despite some sophisticated barriers set up to avoid the attack.
If a large organization with a trained IT staff can be impacted with malware, what chance does the small business have in defending itself against attacks from hackers, viruses, and other malware? The answer to that question depends on how the small business has prepared itself and what safeguards they have put in place. A small company with only a few computers and no in-house technical employees can take steps to minimize the chance that they will be locked out of their computers or have to spend significant time attempting to recover information by implementing some relatively inexpensive steps. In the discussion that follows, I am going to outline some suggestions that can apply to any size organization from a single computer up to the point where a trained IT department is necessary.
The first and most important step is to have antivirus software installed on all personal computers. This sounds obvious, but some computers may get overlooked if they are "stand-alone" computers not attached to a network, or if they are not used on a daily basis. Having any computer that is vulnerable to a virus increases the risk for the whole organization. Another misconception is that Mac computers do not need antivirus software. All computers should be running up-to-date virus protection software including Macs, personal computers running Windows, and servers.
The next most important step is to make backups of data, software programs, and configurations. For small systems a removable drive with a few terabytes of storage may be large enough and if more backup storage is needed you can consider one of the online backup services. If you haven't backed up your data regularly, you may find that if something bad happens, you will spend hours, days, or even weeks attempting to reconstruct events electronically. Regularly is a relative term and depends on the amount of data generated, but starting out with a plan to do daily backups is a great start. If the time frame needs to be adjusted, it can be changed based on a variety of constraints including the time it takes, costs, and available bandwidth or storage.
One of the ways that systems can get infected with a virus is to have an unauthorized user access the computer. This can happen much faster than you might think. Someone with a virus on a thumb drive can easily slip it into an open USB port, click on an executable program, and ZAP, the computer is set to start acting very strangely. The actual symptoms might appear immediately or they might not start showing up for a month. This is one of several reasons that passwords are important. Passwords need to be used for every computer, and should not be posted on a sticky note under the keyboard, or other obvious place. Using real passwords provide another layer of protection against bad things happening to a computer system. I recommend using software to keep track of passwords. There are several apps that will run on any computer and your smart phone to keep up with passwords. I recently checked to see that I have about 80 passwords and associated user IDs. It is impossible to keep them straight so I use an app on my phone that is synchronized with apps on all my computers to keep my passwords organized. One caution is that relying on storing your passwords in your browser can be dangerous. Given a few minutes, anyone with a little knowledge can grab your passwords from your browser cache and log in to any site or software you access. This becomes even more problematic if you are using a browser that is synchronized across all of your computing devices. It is very handy to use the password feature imbedded in a browser, but it increases the potential for your identity or your computer to become a victim.
Lastly, there is one step that most people overlook when they install a new computer that can save them a significant amount of time if a system is compromised. For computers running Microsoft Windows there is a utility that allows you to create a recovery image for your computer. Manufacturers used to include a CD with new computers with the operating system, but most of them no longer include the CD because new computers are not equipped with CD drives by default. It is more common that users create a recovery disk on a USB drive. This should be done while the system is in proper working order and does not have a virus, so the best time to do it is when it is unboxed from the manufacturer. This layer of protection is very helpful if your system does get infected and has to be wiped clean.
It is unlikely that any of these steps would have protected the organization I described in the opening paragraph of this article. They have all of this in place already, along with other more sophisticated barriers and precautions. The illustration does prove that everyone is vulnerable to attack, so even though the small organization may not have the resources to defend against everything, they can take these simple steps to reduce their risk of coming to work one day with computer systems frozen or infected.