PaulDotCom mailing list archives

Re: Security Tips For The Small Business From 70, 000 Feet


From: Michael Dickey <lonervamp () gmail com>
Date: Sat, 20 Aug 2011 10:32:14 -0500

Nice job on that talk! Not sure how to tackle suggestions, so I'll just dig
on in.

1. Backup provider - Given non-technical people, I might actually suggest
picking up some external hard drives and copying data you can't live without
losing onto it. Then store it somewhere safe, like a bank perhaps? And do
your backups regularly. It isn't unacceptable to have an SMB CEO store it at
home in a safe.

2. You mentioned WSUS (a bit technical), automatic updates (excellent!), and
Secunia, and I'm not sure it gets better than that trio. For non-tech small
business people, I might suggest finding or befriending a local technical
person that you can buy beer for and give a small fee to for regular
"check-ups," if you will. Check out software installed and update the
important stuff like Adobe, browsers, plugins, etc. It can sort of be the
equivalent of the neighbor kid mowing your lawn. Maybe someone in the local
Geek Squad actually has some brains and wouldn't mind a little side job;
same goes for those SMB IT guys your peers contract for the exact same
purposes; not full time, but on call for needs.

3. Least Privilege - I like this bullet in your talk as a concept, but I
think talking about running as non-admin on systems is asking a lot from
small business folks. It's nice to mention, but I think just emphasizing the
concept of least privilege access is important, such as to computers, data,
internal apps, keys your employees use, and so on.

4. Encryption - A bit heavy for non-technical. Local disk encryption is
important, but again heavy and might get back to taking on an on-contract IT
guy for just a bit of one-time help.

5. Network restrictions / Firewalls - Again, a bit heavy, but I like that
you blended in wireless access points, although diving into
WEP/WPA/wardriving got heavy quick. Just being aware that wireless does not
equal private is an important point to make.

6. Password choice, reuse - I love this point, and it aligns with broader
"practice safe computing habits online" strokes. Also, don't share
passwords. SMBs learn this the hard way with terminated employees who end up
keeping access. You don't let them keep door keys on termination, do you?

7. Data removal - I saw this on your slides, and I'd think it's a bit heavy.



On Sat, Aug 20, 2011 at 9:06 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:

A little while back Joe Hollingsworth and I were interviewed for an article
in the Southern Indiana Business Source. The local Kiwanis club asked for a
25 min talk on the subject of the article, so we came up with this mandate:
Given only 25 minutes, tell us what a small business could do to help their
security posture. Well, it ended up being almost 40min and we did not get
through all of the slides. The live video camera failed, so the audio in
this video is what the laptop recorded.


http://www.irongeek.com/i.php?page=videos/security-tips-for-the-small-business-from-70000-feet

I'd like some suggestions in case we do the talk again. I think I'd like to
expand on:

1. Who to use as a backup provider, or good recommendations for doing it
yourself.
2. 3rd party patch management solution recommendations.

Ideas?

Thanks,
Adrian

--
"The ability to quote is a serviceable substitute for wit." ~ W. Somerset
Maugham



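Michael's first point above (copy the data you can't live without onto an external drive, and do it regularly) only pays off if the copy is actually readable later. The script below is an added example, not something posted in this thread or part of any project it mentions: it copies a folder to a mounted external drive, writes a checksum manifest from the source, and then verifies the copy against that manifest so a half-written or corrupted backup fails immediately instead of on restore day. The paths are placeholders supplied by the caller; it assumes a POSIX shell with GNU coreutils (`cp`, `find`, `sha256sum`).

```shell
#!/bin/sh
# Added example: verified copy of an "irreplaceable data" folder to an external drive.
# Not from the mailing-list thread. Assumes GNU coreutils; SOURCE and DRIVE are
# placeholders passed in by the caller (e.g. /home/ceo/Documents and /media/backup).

# backup_verified SOURCE DRIVE
#   Copies SOURCE into DRIVE/backup-YYYYMMDD, writes DRIVE/backup-YYYYMMDD.sha256
#   from the *source* tree, then checks the copy against it. Returns non-zero on
#   any copy or verification failure, so a cron job or a person notices.
backup_verified() {
    src="$1"
    drive="$2"
    stamp="$(date +%Y%m%d)"
    target="$drive/backup-$stamp"
    manifest="$drive/backup-$stamp.sha256"

    [ -d "$src" ] || { echo "source $src does not exist" >&2; return 1; }
    mkdir -p "$target" || return 1

    # -R copies subfolders, -p keeps timestamps and permissions for a faithful restore.
    cp -Rp "$src/." "$target/" || return 1

    # Manifest of relative paths taken from the ORIGINAL data, not the copy,
    # so the check proves the drive holds what the source held.
    (cd "$src" && find . -type f -exec sha256sum {} +) > "$manifest" || return 1

    verify_backup "$target" "$manifest" || return 1
    echo "verified $(wc -l < "$manifest") files in $target"
}

# verify_backup TARGET MANIFEST
#   Re-checks an existing backup folder against its manifest. Run this again
#   before relying on an old drive (e.g. the one stored at the bank or in the safe).
#   An empty manifest is treated as a failure: a backup of nothing is not a backup.
verify_backup() {
    target="$1"
    manifest="$2"
    [ -s "$manifest" ] || { echo "manifest $manifest is empty or missing" >&2; return 1; }
    (cd "$target" && sha256sum -c --quiet "$manifest") || {
        echo "verification FAILED for $target" >&2
        return 1
    }
}

# Usage when run directly: ./backup.sh /path/to/important/data /media/external-drive
if [ "$#" -eq 2 ]; then
    backup_verified "$1" "$2"
fi
```

Keeping the manifest next to the dated folder means the person holding the drive can confirm it months later with nothing more than `verify_backup`, which is the check that turns "we have backups" into "we have backups we have tested".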

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
