With so much information flying through cyberspace, it's imperative that clients' files and communications be protected. That can be a big order for small firms, however, in these days of rampant e-viruses and tightening IT budgets. The biggest worries, says Stephen Reyes, IT manager for the Florida-based accounting firm Saltmarsh, Cleveland and Gund (some 120 staffers), are e-mail and viruses introduced by employees bringing disks into the office. The only way to tackle the latter problem, he adds, is training employees. "That's the most difficult part. It's largely a matter of making them aware of the effects of what they do." Firms must also pair the training with the type of user, he adds. "Those taking laptops home have to have a different level of security," he says. Remote access and work-at-home processes have intensified need for security, he adds, as office laptops are linking not only to clients' networks, but to public networks and wi-fi ports.
Jason Cherkas, senior systems administrator with the Atlanta-based firm Tauber & Balser (staff of 47, 10 partners) says his top IT security concerns are the introduction of spyware and viruses from staff using the Internet for non-business purposes, and staff loading unauthorized software on workstations.
"I can provide the tightest firewall to protect the firm from hackers. I can ensure that the anti-virus system is running and scanning e-mail and files for viruses for all my workstations, but I can't fully control where people surf on the Net," says Cherkas. "When people complain that their machine is running slow or they're inundated with pop-ups, the first thing I do is run a Web usage report from my Web monitoring system. Most of the time they've been surfing to places that aren't business-related. There have been times when I've had to completely rebuild a workstation because of spyware."
Advertisement
"Communication and awareness are the simplest and most overlooked items concerning security," says Will Johnson, network administrator of Garden City, Kan.-based Lewis Hooper & Dick (five partners, total staff of 33). "With current phishing, e-mail scams, hoaxes, etc., users should at least be made aware of these issues. Bill Gates will not be giving you a dollar for every e-mail sent, a Nigerian government official will not give you 10 percent of $100 million, and eBay doesn't need you to update your password."
"Smaller firms often have environments consisting of only desktop and laptop computers, which means that every system must run all of the security solutions, and are concerned because all their eggs are in one basket," says Bob Hansmann, senior product marketing manager for vendor Trend Micro. "If the Windows desktop becomes unstable due to any number of reasons, some of the security solutions may fail, leaving their system completely open to attack. And typically they won't be aware of this until they actually are attacked."
Smaller firms also "tend to not be early adopters of new technology, and new technology is obviously one component of addressing today's latest security issues," says Ray Zambroski, CEO of Essential Security Software.
