Software And Coffee

February 13, 2008

Free Wi-Fi Can Be Costly

Filed under: Business, Security — Stephen @ 10:47 am

Word on the street is Starbucks dumped T-Mobile like a bad habit. AT&T is waiting in the wings, offering two hours of free access a day. Sounds great, doesn’t it? Well, it’s not. I mean free is for me, but accessing Wi-Fi anywhere can be dangerous.

I have a couple of uber-security-geek friends that have been chatting about this for a few months. After listening to the Wall Street Journal podcast “Reacting to the slower economy” bring up this issue, I thought it was time to throw it out there. There’s a blurb 5 minutes into the cast about the insecurity of Wi-Fi.

The premise is that public hot spots can be compromised. Basically, a hacker can “intercept” all your data bound for the internet. The websites you are accessing, your instant messaging, and your email are all vulnerable. If you have to use public Wi-Fi, make sure your email connection is encrypted, and only access SSL (https://) pages.

I use a mobile broadband card from Sprint when I’m out and about. It uses the cell phone towers to serve up internet access. Most of the major providers have them, usually referred to as EVDO. It costs about $60.00 a month for unlimited usage.

As for your business, don’t use Wi-Fi. If you have to, make sure it’s locked down by a security professional. It’s really not worth doing it yourself. I’ll address that in another post, but for now just say no!

May all your communications be secure…

Stephen
DS Technologies, Inc.

February 8, 2008

The Perimeter Is Secure

Filed under: Security, Software — Stephen @ 7:15 am

One of my clients uses a software solution that maintains their clients, jobs, invoices and employees. Yesterday, I upgraded their solution to be able to track prospects. This change allows them to specify a contact as a prospect or client, track notes for the contact, and run reports on the prospects. The additional reports required access to the “reports” page, which contains job status and sales reports.

To accomplish this securely, I created individual rights for each report. This allowed management to select which reports individual employees have access to. In adherence to point 5 in “Lock The Gate”, employees only see links to the reports they are authorized to access.

It’s your data; be secure.

Stephen Tuttle
DS Technologies, Inc

February 6, 2008

Lock The Gate

Filed under: Security, Software — Stephen @ 8:02 am

Gated communities present an interesting paradigm. In order for the concept to work, you must trust everybody living in your community. Not only that, you have to trust all of their family and friends (and their kids’ friends). You’re only as secure as the last person who entered.

Your business is very similar. At some point you hired people who weren’t friends or family. You trust those employees, and all their friends who send them email links to the latest YouTube drudgery. Antivirus and firewalls are great, but this is a different attack vector.

Who is accessing your data? Do they require the level of access they have? Do your employees work odd hours? What is the impact of a notebook “walking off”?

Security is usually addressed after a breach has occurred. Obviously, this is too late. The impact a single breach can have on your business can be devastating. Security doesn’t have to be expensive. Here are a few cost-effective (read cheap) tips that can help:

1. Limit access to genuine needs. Few employees need access to a current client/prospect list, sales, aging or open invoice reports.

2. Enable logging in your business software. If a user changes an invoice or alters a bill, there should be an audit trail.

3. Perform periodic audits. Pick a random section of time and review who is accessing what. Not only does this provide a security audit, but it can also help in reviewing efficiency.

4. Get email notification if a user attempts to access an unauthorized component. For example, a salesperson attempting to access HR or user administration.

5. Remove temptation. The user interface should only present what a user has access to. Some applications disable the menu item or button. I prefer to remove it completely.
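
A minimal sketch of tips 2 through 5 applied to a reports page, added here as an illustration and not taken from the software described in these posts. The report names, users, and the in-memory audit log and notification queue are constructed for the example; a real system would persist the log and deliver the notification by email.

```python
from datetime import datetime, timezone

# Constructed sample data: report names and per-user grants are hypothetical.
REPORTS = ("job_status", "sales", "aging", "open_invoices", "prospects")
GRANTS = {
    "alice": {"job_status", "sales", "prospects"},  # manager
    "bob": {"job_status"},                          # field employee
}

AUDIT_LOG = []      # tip 2: every access decision leaves a record
NOTIFICATIONS = []  # tip 4: denied attempts queued for email to management


def visible_reports(user):
    """Tip 5: build the menu from the user's grants so other links never render."""
    granted = GRANTS.get(user, set())
    return [r for r in REPORTS if r in granted]


def open_report(user, report, now=None):
    """Check the right again on every request; a hidden link is not an access control."""
    now = now or datetime.now(timezone.utc)
    allowed = report in REPORTS and report in GRANTS.get(user, set())
    AUDIT_LOG.append({"time": now.isoformat(), "user": user,
                      "report": report, "allowed": allowed})
    if not allowed:
        NOTIFICATIONS.append(f"{user} attempted to open '{report}' without authorization")
        raise PermissionError(f"{user} is not authorized for {report}")
    return f"<{report} report for {user}>"  # placeholder for the rendered report


def audit_window(start, end):
    """Tip 3: pull the records for a chosen time window for periodic review."""
    return [e for e in AUDIT_LOG
            if start <= datetime.fromisoformat(e["time"]) < end]
```

Removing the link only keeps honest users from stumbling into a report; the check inside `open_report` is what stops a request typed directly into the address bar.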

Whether you use these tips or implement your own mechanism, start being secure today. Thanks for tuning in, and lock the gate behind you…

Stephen Tuttle
DS Technologies, Inc
