How to Protect a Home-Based Business and Its Profits

by Pam Baker

Here’s how to protect your work-at-home business from a range of security threats. It doesn’t cost much (some tools are even free) -- and it could save the business you work so hard to build.

Working at Home

Work-at-home entrepreneurs can build empires on a shoestring budget by using innovative technology to do the work and solve problems. Mobile and remote computing in particular help small businesses turn on a dime to meet and beat changing job and market conditions. Unfortunately, those technologies also pose the greatest security threats to the company.

Typically, small businesses do not have an IT expert to launch a defense or even to identify the more insidious threats lurking in unexpected places. That does not mean, however, that SMBs must gamble their livelihood on a wing and a digital prayer. Small business owners can take several relatively simple yet very savvy actions to protect their assets.

Small Business Security: Data Dangers

First, be aware that a strong defense encompasses far more than simply protecting the hardware. "With regard to security, the biggest risk is, of course, the data -- not necessarily the actual equipment," says Yehuda Cagen, director of Client Services at Xvand Technology Corporation.  "According to the Computer Crime and Security Survey, the value of the information in an average notebook exceeds $250,000."

There is more to protecting your business data while working from home than just using passwords, antivirus software, stolen or lost device wipes, and router protection -- especially if you have one or more employees working from their homes too.

 "If they do stupid things on their own network, it can expose their work computer to undue risk," warns Jon Heimerl, director of Strategic Security at Solutionary, an information security company. "Assume that the telecommuter’s home network is hostile."

The Why and How of Virtual Private Networks

One way to limit your exposure to risk via an employee’s use of his home network is to use a Virtual Private Network (VPN). Setting up a VPN is easy and cheap. If you are running Linux computers, it’s a matter of clicking a dialogue box and following a couple prompts. Or, you can use an open source VPN which is also free, or buy VPN software from any number of vendors.

A VPN gives you a secure and private Internet connection and treats all your remote employee devices (from desktops and laptops to smartphones) as though they were physically plugged into your company’s own network. You and your employees have access to company information, but all data moving over the Internet via a VPN is encrypted so that sniffers in public hotspots and hackers attacking a home network are blocked from reading the data.

Another advantage of VPNs: if you use a professional VPN service, you can have additional IP addresses based in any country you want. This lets you access servers that are not available from U.S.-based IP addresses. This can be exceptionally handy if your company does business in foreign countries.

"If your employees are connected to your business via a VPN, you can make sure the VPN segregates them from their home network," says Heimerl. Doing so circumvents any security threats on the employee’s network such as a virus their teenager downloaded in a game or video that then spreads to all computers in the house.  

"But it is possible for that same user to connect to the outside world without using the VPN, and perhaps connect to their home network when the VPN is down," he says. Therefore, just establishing a VPN is not a total security solution. You must enforce employee use of the VPN at all times.

There are a few exceptions to the VPN rule, such as when staff requires little centralized control and access. "Perhaps you can get by with Outlook Web Access, and share work files through an outsourced cloud provider. This can be a reasonable business model," says Heimerl.  "But, if you are in a business that requires open communication and collaboration in a team environment, you may need to connect the users to each other via a common VPN network."

To further protect your own home network or that of your employees, encrypt everything, and ensure that you and your employees do not talk about sensitive company business on public networks -- such as social media.

The Social Media Trap

In a recent Microsoft survey, 42 percent of SMB information workers indicated that they use public social networks to conduct business.  "Intellectual/business property is being shared over these public portals, which calls in to question ownership," warns Josh Waldo, Microsoft’s director of SMB marketing in the U.S. 

 "While social media is an effective way to collaborate in business, it isn’t secure," he said. "It’s important to be strategic about how and where you collaborate and to put security policies in place that discourage social media, like Facebook and Twitter, for internal communications."

Instant Messaging (IMs) Pose Threats, Too

But social media isn’t the only highly vulnerable means of communication. Instant messaging (IM), for example, is not encrypted and is incredibly easy to hack. Anything sent over consumer-oriented IM is therefore highly vulnerable. Email, too, may be at risk especially if you or an employee uses a simple password.

Combined, these are far bigger security risks than most small business owners realize. In a recent survey by Staples Advantage, the business-to-business division of the office supply company, telecommuting respondents said they rely on the following technologies to stay connected:

  • 96 percent rely on email
  • 68 percent rely on instant messaging
  • 44 percent depend on videoconferencing
  • 25 percent rely on unified communications

To resolve the IM vulnerabilities, use software that provides a private, internal IM service. Cloud computing has made such services cheap and easy to use and secure.

Automate Your Small Business Data Backup

Last but not least, your security plan should include data backup provisions to ensure that your small business data can be recovered if the worst happens. According to Staples Advantage, nearly one in three telecommuters say they never back up their data -- leaving their companies vulnerable to data loss.

To resolve this problem, enable a remote backup process so that you and your employees’ work are automatically backed up to a centralized server. "It can be batch, overnight or real-time, on-demand -- just back them up, and make it so that the distributed user does not have to do anything," advises Heimerl. "Don’t rely on the user to copy information to a central repository, or to initiate a backup job."

Small Business Security: Where to Start

While it is critical to establish a security policy (even if it’s only for you) and insist on absolute adherence, it is equally important not to make the policy such an obstacle that you and your employees circumvent it just to get work done. Configure your security measures to fit the ways you and your employees actually work.

"You should first lay out the basic solution criteria, including the mode of work (mobile or in-office), the working environment (single user or networked PC), the communication relationships (dial-in or dial-out) and the mode of operation (autonomous or through a provider -- an outsourced network)," advises Rainer Enders, CTO, Americas of NCP engineering.

"There are advantages and disadvantages to every solution; it really depends on each SMB's individual security requirements and the teleworking scenario each company wants to put in place."

Pam Baker has written for numerous leading publications including, Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, the NY Times, and Knight-Ridder/McClatchy newspapers.

Small Business Computing is on Facebook. Join us on Facebook and interact with the site's editors, post messages, share your small business challenges and successes, discuss technology and suggest topics you'd like covered on Small Business Computing.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

This article was originally published on Tuesday Jul 26th 2011
Mobile Site | Full Site