It’s probably no surprise that hackers can and do take advantage of businesses. Sometimes hacking can be a way to obtain personal information. Other times, it can just be a way to wreak havoc and have some fun at the expense of a business, experts say.

The Business Record caught up with local Internet security experts to compile a list of five things businesses can do to better protect themselves from online attacks.


1. Have a good firewall

Installing an up-to-date firewall is one of the first things a business should do to protect against unwelcome content connecting with its computers, said Larry Pedersen, former president of Advanced Network Technologies Inc., which was acquired by Internet Solver Inc. in January. The basic function of a firewall is to block potentially hazardous traffic from coming into or going out of a network. The most up-to-date firewalls now include what is called unified threat management (UTM), which provides more of an all-in-one security appliance with basic anti-virus and anti-spam protection. Pedersen points out that some businesses have old firewalls without UTM technology. “Just because you have a firewall in place, if it’s 7 to 8 years old, it probably needs to be replaced with a newer one,” he said.

2. Think about non-desktop computer devices

Alan Grau, president of Icon Laboratories Inc., comes at things from a different perspective. The world has an increasing variety of devices, such as mobile phones, medical care products and security systems, that are connected to the Internet. “But that makes them vulnerable to hackers,” Grau said. Consequences of that could include hacking an office printer to scan images from a computer it was connected to and ship them to a remote location, be it a lawyer’s office or a corporate competitor. It could be as serious as a failure on a medical device that could have fatal consequences. Icon specializes in installing firewalls on these products. Important precautions for businesses, Grau said, are checking with the manufacturer of a product on what kind of security the device has and making sure those systems are kept up to date by the manufacturer.

3. Have a plan

“You need to have an actual plan; you need to have an intrusion policy to know what happens when you get an intrusion,” said Jon Thompson, chief data steward at Evolve. A big part of that is having someone who is professional responsible for protecting against attacks, either within the company or from outside. Having a good backup strategy is important, said Pedersen, because permanently losing data can be devastating for a company. A commonly accepted dictum is that the vast majority of businesses that don’t fully recover their data in three to five days go out of business, Pedersen said.

4. Have strong passwords

Having more characters in company passwords for things such as logging onto the network and email could greatly reduce the probability of any computer program correctly guessing the password, Thompson said. He points out that six- to eight-character passwords are only effective if they are hard to figure out, with a unique combination of uppercase and lowercase letters along with numbers (think “dgBkl4A1” instead of “goclones”.) That makes it hard to remember. A 15-character password, on the other hand, would take “roughly the rest of humanity” to figure out, even if split up into four easy-to-remember words.

5. Don’t skimp on anti-virus software

Free anti-virus software can be appealing, but it is often reactive instead of proactive, Pedersen said. “Sometimes you get what you pay for,” he said. The advantage that most paid programs have is that they are often more up-to-date and able to keep up with evolving viruses. “It used to be when a virus was created, it would take a number of days for it to infiltrate in the Internet, and the antivirus companies had that time to fix, to cure and get the patches out there,” Pedersen said. “Now it’s zero-day. The Internet moves so fast … there is no extra time.” Paid programs that Pedersen recommends include Symantec and Kaspersky Anti-Virus.