Computer security professionals often warn their clients, “If you want a completely secure system, disconnect it, encase it in concrete and drop it in the deepest part of the ocean.” While no one would seriously suggest such a course of action, computer security and the safeguarding of data are areas no business can afford to overlook.
Family businesses are by no means immune to security holes in their computer systems. In fact, family firms—the large companies as well as the “mom and pops”—are often in greater danger than the typical business or home user. Consider the following disasters, which really occurred in family businesses I know (names have been changed to protect the families from embarrassment):
Case #1: Silver’s Office Supply
This store, staffed by three generations of the Silver family, has served the downtown area for nearly 60 years. While the store is open to the public, most of Silver’s clients are the many law offices in the area. The store also has lucrative contractual agreements with both the city and county governments.
Giving in to the pressures of ballooning inventory records, the need for better financial tracking and the urging of his son-in-law, Mr. Silver computerized his company in the early ’90s—an investment that has paid huge dividends since then. Workstations are scattered throughout the offices, sales floor and warehouse area, facilitating data entry, order tracking and other operations. A relatively recent addition has been the company’s website, which includes an online catalog of products—all hosted on the store’s computer system. The website and server were set up by Ryan, Mr. Silver’s grandson, a part-time employee and college student majoring in computer science.
Unfortunately, when Ryan set up the store’s server (using software he’d gotten from a friend at school), he left several security holes that would allow a crafty site visitor to navigate the entire network, not just the website’s files and folders. In other words, an outsider could gain access to the company’s financial statements, inventory records and pricing guides—not to mention customer account information, including credit card data. Luckily, log files indicated that no such breach had occurred yet; all of the “outside access” had been limited to browsing the company website.
Case #2: Words Bookstore
Martin Blaylock and his daughters, Mary and Wanda, own and manage Words, a bookstore with a small but devoted clientele. Unlike the Silvers, the Blaylocks didn’t need a complex computer system to manage their store—instead, the store maintained a single PC that served as a cash register, bookkeeping/accounting system and time-killer (in the forms of games and such) for the employees during slow periods. They also maintained a dial-up Internet account so they could access some online book-locator services to track down elusive or out-of-print titles.
Last spring, some strange things began happening. First, Wanda’s daughter Ashley began receiving credit card bills for an account she’d never opened. On two occasions, a man would call the store and then ridicule whoever answered, quoting salaries and hourly wages and urging them to get a “real job.” Another time, Wanda received a call from someone asking if Kevin (Mary’s teenaged son, who’d had some trouble at school) had been suspended for his hijinks.
Completely shaken, the Blaylocks bought shredders for home and work and asked friends and neighbors to watch their mailboxes for them. In the end, though, it was Ashley who figured out the source of the leak—she noted that all of the various encounters and invasions had made use of information that was present on the store’s computer. What was worse, she learned that she was the cause of the problems.
Since she’d begun working at Words around Christmas, she’d been using the store’s computer and Internet connection to access various music-swapping services. What she didn’t realize was that when she set up the file-swapping programs, she’d elected to “share” the “My Documents” folder on the computer—meaning that music she downloaded would go into that folder, and other users of the swapping service could transfer the music files from that folder to their computer. But “browsers” weren’t limited to grabbing music files—they had access to any files in that directory. This included the data files for the store’s accounting program and numerous word processor documents, such as résumés, job applications and letters to friends and family—a treasure trove of personal information.
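A check that would have caught the Words problem early, as an added example that is not part of the original article: walk the folder a file-swapping program is sharing and list every file that is not music. The extension lists and sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Assumed extension lists for this example; adjust them to the software in use.
MEDIA_EXTS = {".mp3", ".wav", ".wma", ".ogg"}
SENSITIVE_EXTS = {".doc", ".rtf", ".txt", ".xls", ".csv", ".pdf", ".qdf", ".qbw", ".mdb"}


def audit_shared_folder(root):
    """Walk a shared folder and return (sensitive, other) lists of relative
    paths for every file that is not a media file."""
    sensitive, other = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in MEDIA_EXTS:
                continue  # the only kind of file the share was meant to hold
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            (sensitive if ext in SENSITIVE_EXTS else other).append(rel)
    return sorted(sensitive), sorted(other)


def build_sample_share(root):
    """Create a constructed folder (hypothetical file names) that mixes
    downloaded music with business and personal documents."""
    names = ["track01.mp3", "track02.MP3", "store_books.qdf", "resume.doc",
             "job_application.doc", os.path.join("letters", "family.rtf"),
             "readme.nfo"]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        sensitive, other = audit_shared_folder(share)
        print("Exposed documents and data files:")
        for rel in sensitive:
            print("  " + rel)
        print("Other non-media files to review:")
        for rel in other:
            print("  " + rel)
```

Pointing `audit_shared_folder` at the real shared directory gives the list of files any other user of the swapping service could copy; anything it reports belongs in a folder that is not shared.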
It’s all relative
So what makes these cases any different from similar events at a non-family-owned business? Several things, in fact—including, unfortunately, the “flip side” of the factors that give family businesses strength.
Lack of IT (information technology) policy: Whether it’s a simple one-page document listing do’s and don’ts or a binder with definitive policies, your business must state in writing what is and isn’t allowed on the company’s computer equipment.
Reliance on a local guru: It’s very common for a family firm to have one (or more) “tech-savvy” family employees—relatives who profess to have the skills necessary to take care of your company’s needs. But unless this person is a seasoned professional, you would be wise to bring in a “hired gun” to handle any major IT tasks. While doing so might result in wounded pride, you must balance that risk against the potential risk (and liability) a major security breach could pose.
Lack of boundaries: It’s often difficult to tell a family member that no, he or she doesn’t need access to a certain area or program. Once again, hurt feelings might result, but not everyone needs to obtain (for instance) payroll records. At Words, the whole fiasco could have been avoided by simply denying Internet access to anyone but Martin Blaylock and his two daughters—one of whom was in the store 80% of the time, anyway.
Penny-wise, pound-foolish management: There’s no doubt that some software companies charge outrageous license fees for their products. That’s no excuse for using “pirated” software, programs that are “borrowed” or copied from a friend, or your son-in-law’s home accounting package. Purchase legitimate copies of commercial software that offer the features and support policies you need. In addition to software that most likely fits your needs better, you’ll get the peace of mind that comes with knowing you have a modern, updated package free from security holes and potential conflicting licensing issues.
Keep your system secure
Whatever platform or operating system you run, there are certain measures you can take to maintain system security:
• Update your operating system: Microsoft offers “Windows Update,” a service that allows Internet-connected computers running a Microsoft operating system to download security updates and performance-enhancing “patches.” Take advantage of this service, for the security updates if nothing else. The Macintosh provides a service called “Software Update” that serves the same purpose as “Windows Update.”
• Purchase virus protection: Invest in and use a recognized anti-virus solution, such as those offered by Symantec (Norton Antivirus) or McAfee. In addition, obtain new “virus definitions” (the database of known viruses) as often as possible.
• Use a firewall: A firewall is essentially a barrier between your computer network/system and the rest of the world. If you spend any significant amount of time online, invest in a software- or hardware-based firewall to block intrusions. (A hardware-based firewall properly configured is your best bet.) Both Mac OS X and Windows XP have built-in firewalls that can be easily activated and provide a reasonable amount of security. A more advanced software firewall solution is ZoneAlarm, available from www.zonelabs.com. ZoneAlarm will run on Windows 98SE/Me/2000 and XP.
• Consider switching platforms: While the Windows family of operating systems owns the greatest market share, it’s definitely not the only game in town. Consider switching over to either Macintosh (fewer software options, more than offset by its stability and user-friendliness) or Linux (many free or low-cost software titles available and very stable, but requires a higher level of technical expertise than Mac or Windows). Both platforms are very resistant to the viruses and security problems that plague Windows.
As you might imagine, this is merely the tip of the iceberg where IT security and family business overlap. Still, the issues and principles outlined in this article should give you the background necessary to evaluate where your family business stands in the “danger zone.”
M. Chris Osment (www.8999.org) is a freelance writer and self-described computer nerd based in Northwest Arkansas.
For more information
For more information and valuable insights, consider visiting the Internet resources listed below.
Gibson Research Security News & Information: www.grc.com/default.htm
Shield’s Up! (Security diagnostic tool): https://www.grc.com/x/ne.dll?bh0bkyd2
Leaktest (Firewall evaluation tool): www.grc.com/lt/leaktest.htm
TrendMicro Housecall (Online virus scan): http://housecall.trendmicro.com
Symantec Security Check: http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym