Small-Business Network Security 101

Today more than ever, good network security is vital to businesses of all sizes. Cybercriminals, equipped with sophisticated software that automates the task of seeking out vulnerabilities, aren't focusing on large enterprises alone; any easy target will do. Fortunately, however, good security isn't as expensive or as complicated to implement as it used to be.

Technology for protecting valuable data from prying eyes, warding off malware, managing spam, or empowering employees to work remotely and securely is now bundled in routers at prices that most organizations should be able to afford. Though consumer routers offer some of these protections, you don't have to spend a lot more for business-class alternatives that provide more-robust defenses and, typically, features that consumer products simply don't offer.

Attending to the Basics for Free

Small businesses must cope with the same Internet security threats as larger companies do, but usually without the same budget and manpower. And in recent years, the threats have diversified and become more subtle: Whereas several years ago, you worried that a hacker or virus would crash your computers, now you may never even realize that your network has been compromised until real economic damage has been done. For example, your data may be lost or held hostage; you, your colleagues, and/or your customers may fall victim to identity theft; or your computers may be used to distribute spam or malware.

Of course, once your business grows to a certain size--100 to 200 staffers or more--you're best off putting security in the hands of a pro, typically an independent contractor or a reseller. But if you're handling security for a workgroup or a smaller business and money is tight, you can develop and implement your own security policy. This doesn't cost a dime, and it can be very effective if you put in the required effort--but make no mistake, effort is involved. Nobody likes to change passwords every month, perform regular backups, and check for software updates, but tending to these chores can help minimize your risk.

Security organizations offer how-to guides that can get you going. For example, the Internet Security Alliance makes its "Common Sense Guide to Cyber Security for Small Businesses" available as a free download to registered users; you can read some of its contents in the SANS (SysAdmin, Audit, Network, Security) Institute's "Network Security and the SMB" paper.

The guides have similar checklists with instructions that you've probably seen before, but the major ones bear repeating:

• Protect user accounts with strong passwords and change them regularly.
• Scrutinize e-mail attachments and links.
• Install and regularly update antivirus and antispyware software.
• Keep your operating system and applications current and patched.
• Set up and use a firewall.

Also included are items that you don't hear about as often but can also help to plug security holes:

• Remove unused user accounts and software.
• Regularly back up key data.
• Implement network access security.
• Limit access to sensitive information.

The router that connects your network to the outside world is the primary line of defense, and ordinarily it has its own firewall; current consumer routers typically have other security features, too, so you should read the manual to see which ones your router offers. One important step that many otherwise savvy users often neglect is to change the default administrative log-in settings so that an outsider can't easily alter all of the other settings. (Router vendors tend to use the same default settings for all their products.)

If you're using Wi-Fi, it's time to bite the bullet and use the best encryption available, WPA2. If you're hanging on to a laptop that doesn't support WPA2, either upgrade to one that does or resign yourself to disabling Wi-Fi completely and using a wired hookup. The same goes for smartphones: Current and recently issued handsets (including the iPhone) support WPA2, and you should abandon Wi-Fi on older handsets that don't.

Moving Up to Business Class

So what does a business-class router give you that a consumer one doesn't? The list varies, but features can include a more-robust firewall (with sophisticated software that can check to make sure data packets are what they purport to be), additional antivirus/antispyware/antispam protection, and business-friendly features such as VPN support (so that you can access your network remotely and securely, without exposing it to intruders), guest Internet access (so that visitors to your office can go online without gaining access to your internal network), and support for multiple broadband ISPs (for backup when one fails, or for load-balancing when all are functional).

A note on VPN support: This is a key feature of business-class routers, since so many people want to be able to access a network when they're at home or on the road. (Wouldn't you rather have remote staffers access corporate data inside your firewall than keep copies of files on a laptop they might lose?) Don't confuse VPN support on business hardware with the pass-through VPN support on many consumer routers, which is designed to let a home user connect to a corporate VPN; a business router creates the VPN itself. They don't have to cost a bundle: D-Link's DIR-130, for example, is an eight-port firewall router that lets you set up VPN access for up to 25 users (it doesn't, however, offer antivirus, antispam, or other business features).