Crafting a Technology-Security Plan

This article was written by Peter Alexander of Entrepreneur.com

Most small-business owners understand that complete, end-to-end network security is something they should have -- but it's something they probably don't. And how can they? With security threats coming from a multitude of sources and no end in sight to the new attacks that are frequently launched on both networks and PCs, keeping up with all these threats and figuring out just what to do about them is challenging enough for big companies with dedicated IT staffs. For small businesses, it can be completely overwhelming.

The risks of not adequately securing your business network and PCs are huge, however. Remember: It's not just your data that's at risk from attacks from viruses, spyware, hackers and others. Any customer data stored on your computers -- including Social Security numbers, bank account information and confidential data, such as key sales and marketing data -- is at risk as well.

Here are the facts, according to consumer product research organization Consumer Reports:

During a recent 24-hour monitoring period, computer security software firm Symantec recorded 59 million attempts by hackers to gain unauthorized entry into business and home computers.

One out of four computer users said they had experienced a major, costly problem due to a computer virus, according to a fall 2006 survey. The average cost per incident was $109. In addition, one out of every 115 people was the victim of a scam email attack, which cost victims an average of $850 apiece.

To combat viruses and spyware, American consumers spent at least $7.8 billion for computer repairs, parts and replacement over the past two years.

The Threats

Since security threats continue to evolve, business owners must not only continue to protect themselves from existing threats such as viruses, spyware and scam emails, but must also keep abreast of new threats and understand how hackers will be targeting computers in the future. So what will the newest threats be in 2007?

Here are some trends to watch:

More narrowly defined threats, or "targeted threats," are becoming common. These attacks tend to focus on sensitive information from a single company or individual rather than indiscriminately letting a worm loose to find victims randomly wherever they can.

The "malware" capable of these attacks is being delivered to users in increasingly sophisticated ways such as in email attachments, embedded in video files or hyperlinks, and even through social engineering tactics that lure, fool or trick the user to make what seems like a benign action that automatically installs the malware without user help.