The American Institute of CPAs recently polled their members in an effort to discover their top 10 technology issues for 2005. The CPAs that responded to the poll placed “Information Systems Security” at the number one spot on the list!

When most people think about Information Systems Security (we’ll call it data security), they think about protecting their systems and data from an Internet attack; a hacker, virus, worm, or spyware. And that’s good, because today’s Internet is a very dangerous place and prudent users should take every precaution to suitably defend themselves from the risks. Every business and home computer that connects to the Internet should be protected by a properly configured firewall, and regularly updated virus protection and anti-spyware software. Additionally, each system should have the latest security patches installed on the operating system and application software. Microsoft is constantly searching for vulnerabilities in their software products. When they find a weakness, they develop a security patch to fix it. These patches are made available to the public on the second Tuesday of each month, called “patch Tuesday.” If your system is configured to automatically download and install the patches, you’re good. If not, you need to take action to manually retrieve and install the appropriate updates. It is extremely important to get these security patches installed soon after they are released. Patches were available that could have prevented several of the most recent worldwide virus/worm attacks. Unfortunately, users had not installed them, and consequently suffered a business disruption.

Beyond those “externally” focused security measures, you need to also protect your data from internal threats. Two of the most often overlooked internal threats that lead to data loss, corruption or compromise are: 1) unauthorized access by an employee and 2) equipment failure. A recent FBI survey of anonymous companies showed that 70 percent of computer intrusions come from people associated with the company. To protect your data from this internal threat, you need to implement access controls. This includes physical access, as well as network access. A fundamental way to do this is to provide employees with only the necessary rights and privileges needed to perform their jobs. For example, you wouldn’t think about giving a new employee a set of master keys to your building and file cabinets, because in most cases they wouldn’t need access to everything in the building. However, if your data resides on an unsecured server or is distributed across your desktops, you may be inadvertently allowing everyone easy access to anything they want. To fix this, you need to utilize the built-in security features of your operating system and restrict user rights and permissions.

And lastly, you need to protect your valuable data from loss, theft, or corruption by performing regular data backups. Creating a proper backup plan, and then executing it seems to be a very difficult chore for many small businesses. Nevertheless, it is a critical discipline that should not be overlooked. If you are not 100% sure that your valuable data could be recovered if it were lost or corrupted, then you need to invest the time to ensure that it is.

If you’re not sure where you stand on these data security issues, you should consider discussing your concerns with a qualified IT consultant. They will be able to advise you on the best way for you to protect your business from both the external and internal threats mentioned here, as well as other threats that may be specific to your unique business environment. Their professional guidance should give you peace-of-mind, knowing that when something bad happens, you’ll be able to gracefully recover without significant pain.

Get Found on the Web

There were nearly 5.1 Billion Internet searches across 60+ monitored search engines during the month of December, 2005. This is a 55% increase year-over-year. There were 3.3 billion searches conducted in Dec, 2004. Google owns 48.8% of the market share in searches, with nearly 2.5 billion searches during Dec, 05. Most experts agree that Internet searching will continue to grow at this rapid rate, and will soon become “THE” way to find information on anything or anybody. It’s not too big of a stretch to see that coming!
Perhaps you’ve taken the essential first step and made an investment in a quality website. Great job! But if the site can’t be found through a Google or Live search, few will ever see it. Many business sites are not optimized for the type of traffic or consumer that they want to attract. In fact, they may be advertising keyword phrases that very few people search for.

If that's your site, then you need to find a solution. Unfortunately there is no quick fix for this, but there are some concrete steps you can take now that will lead to better results later. With proper planning and execution, you can definitely increase your likelihood of being found in the ever-growing sea of websites. It’s not just about establishing a presence on the web anymore. It’s important to begin to carve out a niche that will help searchers find you! Once you build that search engine placement, it will become increasingly harder for someone to displace you. I think several years from now, smart business managers who understand the importance of the web will look back and be glad that they took action to make it work in their favor.