Data Security 101 For Small Businesses

Finally! A smart, simple, plain English step-by-step guide to securing your personal data against hackers, fires, and other data-eating disasters. Secure your computer now – before the next “Melissa” hits!

[Editor’s Note: This is a very long, but very important article. Some of it (particularly the specific software recommendations) applies only to PCs running Windows, but the general principles are just as important if you use Mac (as I do), Linux, or any other operating system.]

Before we get started, I want you to do a short exercise.
Please don’t just read the suggestion and go on. Actually do
this:

Go through your computer and make a list, on paper, of all the
data on your computer systems. List all the Word documents,
databases, spreadsheet files, address books, financial
records, passwords, graphic files, HTML files, cgi scripts,
text files, email accounts and files, dialup account
information, client data, source code, ebooks, faxes, and any
other file that’s of even small significance. Oh… Don’t
forget your client lists.

Then list every piece of software that’s installed on your
system, and its cost.

….

This is important. Please, make that list before reading
further. Even if you don’t use it for the purposes of this
article, it’s useful for insurance records…

….

Took a while, didn’t it?

Now imagine that someone, maybe a competitor, maybe a complete
stranger, had copies of every one of those files. Look at your
list.

Is there anything on there you’d rather not have anyone else
get their hands on?

Scary?

How about if all of your files just went away. (*Poof*)
Gone. No copies anywhere.

How long would it take to reconstruct that data? How much
would it cost? Could you do it at all?

Assuming you could reconstruct the files, what else would you
lose in the time it took to do it?

If you don’t find that thought just a bit troublesome, odds
are you don’t rely on your computer for anything but games. If
that’s the case, quit reading. You don’t really need this
information.

If you have any stake at all in maintaining your privacy or
keeping your files intact, you may be disturbed by how
vulnerable most PCs are. Very likely including your own.

We’re going to show you some ways to drastically reduce your
risk of catastrophic data loss. And to increase the level of
privacy and security of your irreplaceable files.

Please remember that NOTHING can completely protect you from
any of these problems. Odd coincidences and simultaneous
problems can catch even the most cautious of us. By using
these systems, you can cut the risk dramatically.

Also realise that not everyone has need of every type of
protection mentioned here. Consider your own needs and make
the best call for your personal situation.

….

A couple quick notes:

First, this article doesn’t pretend to be a complete recipe
for security. I haven’t made a ten year survey of all the
software in the industry, and I don’t claim that anything
mentioned here is necessarily the best thing available. But it
will do the job you need done, easily, cheaply, and
effectively.

This doesn’t even touch on security issues relating to servers
or Unix/Linux/etc systems. There’s much more in-depth info out
there for those folks than I even care to try and create.

Second, I mention a lot of software and web sites. I am not an
affiliate for any of these vendors. I make no money from these
recommendations.

….

First stop – The Basics.

Save your work regularly. Nothing is quite as annoying as
doing an hour’s worth of inspired work, being within minutes of
having the project done, and seeing your machine lock up.
In most programs, saving your work takes no more time than
hitting a quick keystroke combination. Even better, set up
your software, if the option is available, to autosave every
three minutes or so.

If you don’t do this now, start. It’s the most basic form of
data protection.

Also, keep incremental copies of work in progress. Save a
numbered copy for each session you work on. That way, if you
accidentally delete the entire file, you’ve only lost this
session’s work. (It happens…)

….

When did you last make a backup of your files?

The best protection you can have is frequent, multiple,
verified backups. At least one on-site backup, and one or more
off-site.

This is Computing 101. You know this stuff. But do you do it?

People lose data all the time. User error, power problems,
viruses, crackers, hardware failure, software failure, and
Brother Murphy can all rear their ugly heads. You knew that.
If you have a local backup, you probably think you’re safe.

Here’s a story with a facet you might not have considered. The
editor of one of the better email newsletters on online
marketing (many of you know him) made regular backups of all
his data. He had the system automated, so he didn’t have to
rely on memory or his schedule.

Then one day there was a small fire in his office. Wiped out
his computer. No one was hurt, but his PC was trashed. Guess
where his backups were stored?

Probably just like yours, they were on the desk. With his
computer.

Gone. Including his product files and his subscriber list.
A lot of editors and list owners in the field got together and
helped him to reconstruct his list by mentioning his problem,
and recommending that those who wanted really good information
subscribe (or resubscribe). His list was back to normal fairly
quickly. But his software and other data took a lot of time to
rebuild, and he lost a lot of income and momentum in the
process.

Last I knew, he was out of the business. I don’t know whether
the fire had anything to do with it, but it’s a fact that most
businesses that suffer catastrophic data loss go out of
business in a very short period of time after the incident.
If he had kept off-site backups, he would have lost the cost
of the computer (assuming he had no insurance) and one day of
work restoring the system. No more.

Which boat would you be in?

….

Okay, some suggestions for backup systems are in order.

If you only have a few hundred megs or less of critical data,
you can easily get away with using Zip disks. Keep one set at
home, and another somewhere else. Perhaps with a relative, or
a neighbor. This is a reliable and inexpensive way to keep
things current.

This is a very good way to handle things that can change on a
day to day basis. (Like email or subscriber lists…)

If you go this route, make sure you schedule your backups, and
stick to the schedule. If you have a lousy memory or just tend
to put things off, use one of the free email reminder
services.

http://www.rememberto.com/ allows you to schedule the same
reminder once, and have it delivered as often as you like.

….

Another option is full system backups. Tape drives with
software that automates the process are fairly inexpensive. I
don’t personally like them, because tape fails more often than
I’m comfortable with. You won’t usually know if the tape will
despool or simply fail in the backup process until you
actually need it. That’s a bit too late for my tastes.

Many people use tape backups and find them perfectly reliable.
If you go this route, make sure you test the system you get
before betting your business on it.

I prefer CD backups, personally. You can burn the base install
CD(s), so you can put your system back in its preferred
configuration, and then just periodically update the data
backups. With CD-RW media (rewritable CDs) you can do this at
very low cost.

Again, CDs fail occasionally. I haven’t run into this often,
but it’s still a possibility. Test it to make sure the data is
readable before assuming you’re covered.

CDs have additional benefits. You can carry them easily, and
not need special equipment to read them and access your data
when on the road. They’re cheap to mail if you want to send
them to someone else for storage. And they aren’t as fussy as
magnetic media about how they’re stored. (Don’t put them in
the garage in the winter or summer, though…)

A CD burner (CD-RW drive) should run under $200-250, and is a
useful thing to have as a business tool, in addition to being
a solid backup system. There’s no reason your backup system
can’t also be a profit maker.

….

One small caveat: Anything written to a CD has the Read Only
bit set. When you copy it back to your PC, this bit stays set,
and you won’t be able to change the files until you fix that.
To correct the problem on a Windows system, just right click
on the file you want to edit, and select Properties from the
menu that comes up. On the General tab of the screen that pops
up will be a check box labeled Read-Only. Uncheck that box,
click Apply, and then click OK. You’re all set.

You can fix the problem for whole directories of files, by
highlighting the entire list (or part of it) and doing the
same thing. One operation.
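
The advice to test a backup before trusting it, and the Read-Only caveat above, can be combined into one check. The following is an added example, not part of the original article: it records a SHA-256 manifest of the original files, verifies a copy against it by reading every byte, and then clears the read-only flag on the restored files. The function names and the sample files are made up for illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks. Reading every byte is the point:
    it proves the copy is readable, not just listed in a directory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (relative path, '/' separated) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_copy(manifest, copy_root):
    """Check a backup (or a restored copy) against the original's manifest."""
    report = {"ok": [], "missing": [], "corrupt": [], "unreadable": []}
    for rel, expected in manifest.items():
        target = Path(copy_root) / rel
        if not target.is_file():
            report["missing"].append(rel)
            continue
        try:
            actual = file_digest(target)
        except OSError:  # bad sector, scratched disc, failing tape
            report["unreadable"].append(rel)
            continue
        report["ok" if actual == expected else "corrupt"].append(rel)
    return report


def clear_read_only(root):
    """Give the owner write permission on every read-only file under root
    (on Windows this clears the Read-Only attribute). Returns the count."""
    changed = 0
    for p in Path(root).rglob("*"):
        if p.is_file():
            mode = p.stat().st_mode
            if not mode & stat.S_IWRITE:
                os.chmod(p, mode | stat.S_IWRITE)
                changed += 1
    return changed


def demo():
    """Constructed scenario: three sample files are backed up, one copy is
    damaged, one is lost, and the rest come back read-only as from a CD."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "original"
        backup = Path(tmp) / "backup"
        samples = {  # constructed sample data
            "Data/clients.csv": b"name,email\nA. Example,a@example.com\n",
            "Data/invoice.doc": b"invoice 1042: 3 hours of writing\n",
            "Mail/inbox.mbx": b"From: client@example.com\n\nThanks!\n",
        }
        for rel, content in samples.items():
            (original / rel).parent.mkdir(parents=True, exist_ok=True)
            (original / rel).write_bytes(content)
        manifest = build_manifest(original)  # taken at backup time

        shutil.copytree(original, backup)
        (backup / "Data/invoice.doc").write_bytes(b"invoice 1042: 3 h\x00\x00")
        (backup / "Mail/inbox.mbx").unlink()  # never made it onto the disc
        for p in backup.rglob("*"):
            if p.is_file():
                os.chmod(p, stat.S_IREAD)  # as if copied back from a CD

        report = verify_copy(manifest, backup)
        changed = clear_read_only(backup)
        return report, changed


if __name__ == "__main__":
    report, changed = demo()
    for status, names in report.items():
        print(f"{status:10} {names}")
    print(f"read-only flag cleared on {changed} file(s)")
```

Keep the manifest with the off-site copy as well, so a restore can be checked even when the original machine is gone.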

….

For a quickly accessed on-site backup, a good option is a
second hard drive. Most people who go this route use mirroring
systems.

Mirroring setups are fine, assuming you don’t experience a
major electrical problem or a fire. They have the unfortunate
problem of giving people the sense that they’re completely
secure, so they don’t do other backups. Better than nothing,
but not the best.

A slightly different approach is to have a detachable hard
drive. I found one recently that’s quite up to the task. The
BUSlink USB hard drive. http://www.buslink.com/

They range in size from 6-27 gigabytes. I got the 13 gigabyte
model for $269. If you have USB support on your system, this
is a great option.

I came home from a trip and found the order waiting for me.
Perfect timing. After opening the box, it took me all of three
minutes to install the software, hook up the drive, and start
transferring my email to the BUSlink from my laptop. Same time
for the main PC. Syncing my email after being out of town was
never so easy.

(Note: BUSlink now has a USB cable that can be used
to transfer data directly between two USB-capable
computers, at speeds that seriously outrun
LapLink and similar systems. It’s $49, and a great
idea for you road warriors.)

The BUSlink comes with software that lets you do automatic
backups on a preset schedule. If you have a UPS
(uninterruptible power supply) in place, this is a very good
option. If not, or if you turn your computer off at times that
might coincide with your backup schedule, consider doing the
backups manually.

This can be a lot easier than it sounds. Set up your data so
that the main files are kept in one partition or directory. I
call mine “Data”. I just drag that, my entire email directory,
and a few program directories with important files to the
BUSlink, and it’s done. If you don’t have a UPS, turn the
drive off when you’re not using it. That will reduce the
chance of losing that data to power outages or voltage spikes.
However you do it, make sure you do it on a regular basis. How
often will depend on how much change occurs in your important
files on a weekly or daily basis.

….

In addition to using tangible media for off-site backups, you
have the option of backing your data up online. Essentially, you
connect to the Internet and upload your data to a remote system
for safe keeping. There are plenty of online backup sites to
ensure the protection of your data.

There are a number of companies offering this option at quite
reasonable prices. Some of them are:

  • http://www.backup.net/ (Offers a 2 User version free. Varying
    prices for larger setups.)
  • http://www.backjack.com/ (For the Mac. $9.95/mo for 40 megs of
    compressed space. Pricing goes up from there.)
  • http://www.backup.com/ (Called @Backup. 100 megs of storage
    costs $99/year.)
  • http://www.connected.com/ (Unlimited file storage. This system
    only updates the backups of changed portions of files.
    $19.95/mo. They offer good encryption and compression. Much
    faster than @Backup.)
  • http://www.atrieva.com/ (10 megs free. $9.99/month for 100
    megs. $14.99 for 1 gig. Good encryption and compression.
    Updates all selected files completely, regardless of changes.)

This may be the ideal solution for people or companies with a
full time connection to the net, or who want to be able to do
their backups without physically carrying them somewhere
off-site.

 

Just make sure you keep backups of your configuration for the
backup software. 😉

….

There are also free storage options online. They’re not as
secure, but if you don’t keep particularly sensitive data, or
if you encrypt it before uploading, they’re reasonable
solutions.

  • Driveway – http://www.driveway.com/ – 100 megs
  • X:Drive – http://www.xdrive.com/ – 100 megs
  • FreeDrive – http://www.freedrive.com/ – 50 megs

    To use these, you’ll want to learn to upload files
    using FTP, if you don’t know how already. Check
    http://www.download.com/ for a program that works on your
    operating system. There are some very good free FTP programs
    for pretty much every platform, if your budget is strapped.
    Using compression software like Zip or Sit will let you store
    roughly three times as much data in these virtual drives.

    ….

    Okay. You’ve got options ranging from robust and reasonable to
    free and easy. You now have no excuse for not making regular
    backups. AND keeping a set off-site.

    Take another look at that list of data files. Which looks
    easier to deal with?

    Backups, or data loss?

    ….

    Almost everyone has a surge suppressor. (You know, those power
    strips that you got more for the extra outlets than for the
    protection?)

    They’re better than nothing, but they won’t do much in case of
    a power outage or drop in voltage, which can be just as bad.
    50% of data loss is due to power fluctuations. The number of
    hardware problems due to the same thing is probably just as
    high. Surge protectors will only help with part of those
    problems.

    I strongly recommend getting an uninterruptible power supply
    (UPS). A UPS will allow you to save your work and shut down
    your computer properly in case of a power loss, as well as
    ensuring that the power flow is smooth and consistent in case
    of spikes or brownouts. Virtually all of them also offer
    protection from phone line surges, which can wipe out a modem
    easily.

    TrippLite makes a great UPS that can even shut down the
    machine properly if the power goes out when you’re not there
    to handle the outage. You can get these for as little as $119
    at most computer hardware stores.

    What’s worse than losing all your data?

    Losing all your data because your computer was fried.

    ….

    Ahhh, viruses.

    If anyone had any doubt about the ability of viruses to wreak
    havoc, Melissa should have cured that. But, of course, it
    didn’t.

    Viruses can do all sorts of interesting things. They can send
    email to everyone in your address book. They can email your
    entire address book to someone else. They can make your
    computer do all manner of odd things. They can wipe out your
    data files, or even format your hard drive.

    They can even plant RATs in your system.

    RAT is short for Remote Access Trojan. These nifty little
    virtual gizmos are the cracker’s equivalent of the remote
    control. We’ll explain more about the dangers of RATs in the
    section on firewalls.

    Note: Cracker is the right word. A hacker, despite
    the media’s misuse of the word, is not a malicious
    person who’ll try to abuse strangers. Hacker is a
    term of respect. Crackers are the creeps that play
    these nasty games.

    ….

    So, how does your computer get viruses?

    It’s amazingly easy, actually. Any time you run code that you
    got from someone else, you run *some* risk of getting a virus.
    With commercial software obtained directly from the
    manufacturer, the risk is minimal. Still there, but minimal.

    There are other ways, but these account for the vast majority
    of cases:
    * Loading files with macros without checking for viruses. This
    is probably the most common these days. There are thousands of
    macro viruses out there that are spread through sharing of
    Word documents, Excel spreadsheets, etc.
    * Downloading and running many games that are distributed
    through private sites. (The major download sites are usually
    pretty safe.)
    * Opening infected emails in an HTML capable mail reader
    without having disabled ActiveX and the like. (Yes, Virginia,
    you CAN get a virus just from reading an email. If your system
    is set up wrong.)
    * Running programs that are sent to you as attachments.
    * Downloading and running pirated software. (If that’s how you
    got it, you deserve it!)

    Have you ever done any of those?

    ….

    So, how do you NOT get viruses? It’s pretty easy, actually.

    Just use some simple, common sense steps.

    1. NEVER run programs that are sent to you as attachments,
    unless you know and trust the sender, AND KNOW THE PROGRAM IS
    BEING SENT BEFOREHAND. Even then, be suspicious. Your friends
    won’t deliberately send you an infected file, but do you know
    how secure their system is?

    If you weren’t told the program was coming, don’t run it no
    matter who sent it. There are new viruses out all the time
    that attach themselves to emails as their method of
    propagation. The “senders” usually don’t even know the
    attachment exists.

    2. For Word, Excel, and any other software that uses macros,
    get paranoid. Go to the Macros menu item, and select the
    Security option. Set it to high, and refuse to run any macros
    except from those sources you designate as “Trusted.”

    The vast majority of users won’t be affected by this at all.
    Most of us don’t use macros in our documents.

    3. Ask people who need to send you documents to use .rtf (Rich
    Text Format) instead of .doc format. In most cases this will
    give exactly the same results and appearance. And RTF files
    can’t spread viruses.

    If they don’t know how to do this, explain it. When they save
    the file, they simply choose Rich Text Format from the “Save
    as type” options instead of accepting the default .doc format.
    Another advantage is that RTF files are generally readable on
    any platform. Handy for dealing with people who may not have
    exactly the same programs that you use.

    Oh yeah… Send documents in this format yourself whenever
    feasible. 😉

    4. Turn off the ability of your HTML capable email software to
    run ActiveX or other code without asking first. And then only
    allow it when you know the sender. (Hint: How many people do
    you know who write email containing ActiveX or other
    scripting… ?)

    5. Get a good anti-virus program.

    Update it regularly.

    Run it all the time.

    Good anti-virus software is no longer a paranoid’s indulgence.

    It’s a necessity.

    You’ll want to set it to the highest security you can live
    with. If you get huge amounts of email and have a slow machine
    you may not want to tell it to scan every email that’s
    downloaded, but you’ll probably want every other option
    checked.

    Yes, it will slow things down a small amount. In most cases,
    you’ll never notice it. If it gets too bad, you can disable
    the less important options, like scanning inside zip files.
    You don’t need to scan your drives every time you boot up the
    machine, of course. But do it occasionally to be safe.
    Updating your AV software frequently is a must. There are tens
    of thousands of viruses out there, and more developed all the
    time. It does you no good to have the software if it’s not
    current.

    Even with the best AV software, you still want to keep other
    security measures in place. These programs don’t work on a
    virus until the developers know the virus exists. And
    frequently they don’t know until shortly AFTER a major
    outbreak.

    Melissa was a great example of this.

    ….

    Two of the better anti-virus programs are:

  • Panda Anti-Virus, from http://www.pandasoftware.com/
  • Norton Anti-Virus, from http://www.symantec.com/

    I don’t recommend McAfee. It’s entirely too much trouble when
    there are more convenient options that provide the same
    protection.

    With any anti-virus software, you can encounter occasional
    problems. It’s an unfortunate but necessary part of the way
    the programs work. Some legitimate commercial programs may be
    treated as viruses, some hardware will have trouble, etc.

    Usually these programs will mention the potential trouble
    somewhere in their documentation. If you try installing
    software from commercially purchased CDs or from trusted
    download sites and have trouble, try the install after turning
    off the AV program.

    ….

    There’s at least one “virus” that can affect your system
    without you downloading anything, opening any programs, or
    reading any infected emails. All you need to do is run a
    computer that’s connected to the Internet that has a shared
    drive which doesn’t require a password for write access.

    Isn’t that fun? Just being connected can be a security risk!
    This one scans the net looking for machines with the right
    vulnerabilities, and writes itself to the system when it finds
    one. The effects of this virus sound like something from one
    of those hoaxes that are forever going around.
    * It spreads without any action on your part.
    * It can delete everything in your C:\Windows directory and
    sub-directories, and C:\.
    * It uses your modem to dial 911….

    Yeah. Can you believe that last one? The cretin who wrote this
    needs to be thrown in jail for life. Tying up emergency
    services like that could result in deaths.

    Fortunately, this is found in a very limited area so far. The
    only “sightings in the wild” have been in the Houston, TX
    area. And yes, it’s confirmed. See:
    http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html
    Or the FBI’s advisory, at:
    http://www.nipc.gov/nipc/advis00-038.htm

    This is the first virus that propagates this way. You can bet
    it won’t be the last. And future ones will exploit more and
    more obscure weaknesses in common PC setups.

    ….

    If that doesn’t scare you, the RATs should.

    I mentioned RATs (Remote Access Trojans) in the virus section.
    Technically, they’re not viruses, but most anti-virus software
    (all the good ones) includes protection from known RAT
    programs. At least the ones that are propagated like viruses.

    A RAT is an interesting thing. Once planted on your system, it
    allows anyone with the control software to do all sorts of fun
    stuff with your machine, including downloading any files they
    like, deleting files, formatting your drives, running
    programs, talking through your speakers, even opening and
    closing the CD tray.

    There was a story in Reader’s Digest recently about
    cyberstalkers. It described a case where a woman was being
    stalked, and was stunned at the things the stalker knew about
    her. She was REALLY scared when he claimed he could get to her
    at any time, and popped open her CD tray as he said it.

    The woman’s machine was infected with a RAT. Plain and simple.
    Earlier I asked if there was any data at all on your machine
    that you’d rather NOT get into the hands of someone else…
    How do you feel about that now?

    ….

    Another variant of RAT can be triggered to send data to a
    specific site. With sufficient numbers of infected computers
    being triggered, all pointed at one system, the traffic
    generated can bring down even the most robustly connected
    servers.

    This is the type of distributed denial of service attack
    (DDoS) that recently hit some of the biggest sites on the net.
    And your computer could have helped in the attack.
    Are you getting mad yet?

    ….

    These are not particularly uncommon programs. There are many
    thousands of machines infected with this sort of trojan. And
    the control software can be found by anyone with the desire to
    look.

    So, how do they trigger them, and what can you do about it?
    To trigger them, all they need to do is scan the net until
    they find a machine that responds on a specific port that the
    RATs are programmed to listen to. This is the virtual
    equivalent of walking down the street and checking to see
    which homes have full mailboxes, piles of newspapers that
    haven’t been brought in, or other signs that the tenants are
    absent.

    It’s literally no more difficult than using Find or Sherlock
    to locate a file on your system.

    Once they find the infected machine, they send their commands
    to the RAT, and it runs them just as though the operator was
    sitting right at your keyboard.

    In six hours online yesterday, there were over 50 attempts to
    connect to ports on my system. Many of these were undoubtedly
    harmless. Some may even have been attempts by my ISP to locate
    unauthorised use of the service in ways that compromise their
    security. A fair number were, at the least, suspicious.
    18 of them attempted to connect to Port 12345.

    Port 12345 is the port that is used to control NetBus. NetBus
    is a VERY common RAT.

    3 attempts per hour to connect to a RAT. All from different
    sources. Just on my IP address at my small local ISP.

    If that’s typical, then there were over 50,000 attempts PER
    HOUR across the net yesterday, just on that port. (One person
    can scan a lot of space in a short period…)

    Do you suppose that any of those people are up to anything
    benevolent?

    If that doesn’t make you mad enough to tear the mask off a
    raccoon, you need to talk to your doctor about reducing your
    medications…
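
The tally described above (how many blocked connection attempts, on which ports, from how many different sources, at what hourly rate) is easy to automate from a firewall log. The following is an added example, not part of the original article: the log line format, the sample entries and the function name are constructed for illustration, the IP addresses come from the reserved documentation ranges, and the only watched port is the one the article names.

```python
import re
from collections import defaultdict
from datetime import datetime

# The port the article names. Extend this table with others you care about.
WATCHED_PORTS = {12345: "NetBus"}

# Constructed log format for this example; adapt the pattern to the
# format your own firewall writes.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) BLOCK (?:TCP|UDP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> "
    r"\d{1,3}(?:\.\d{1,3}){3}:(?P<dport>\d+)$"
)

# Constructed sample: six hours of blocked inbound connections.
SAMPLE_LOG = """\
2000-05-14 09:00:00 BLOCK TCP 203.0.113.7:1032 -> 192.0.2.10:12345
2000-05-14 09:41:10 BLOCK TCP 198.51.100.23:4410 -> 192.0.2.10:139
2000-05-14 10:05:31 BLOCK TCP 203.0.113.99:2201 -> 192.0.2.10:12345
2000-05-14 11:17:02 BLOCK UDP 198.51.100.80:53 -> 192.0.2.10:1027
2000-05-14 12:30:45 BLOCK TCP 198.51.100.4:3377 -> 192.0.2.10:12345
2000-05-14 12:31:02 BLOCK TCP 198.51.100.4:3378 -> 192.0.2.10:12345
garbled line that does not match the format
2000-05-14 13:58:19 BLOCK TCP 203.0.113.150:1999 -> 192.0.2.10:139
2000-05-14 15:00:00 BLOCK TCP 192.0.2.200:1555 -> 192.0.2.10:12345
"""


def summarize(lines, watched=WATCHED_PORTS):
    """Count blocked attempts per destination port, the number of distinct
    source addresses, and the hourly rate over the logged time span."""
    attempts = defaultdict(int)
    sources = defaultdict(set)
    stamps = []
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # count unparsed lines so gaps in the log are visible
            continue
        port = int(m["dport"])
        attempts[port] += 1
        sources[port].add(m["src"])
        stamps.append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))

    # Span between first and last entry; None when there is nothing to measure.
    hours = None
    if stamps:
        hours = (max(stamps) - min(stamps)).total_seconds() / 3600

    ports = {}
    for port in sorted(attempts, key=lambda p: (-attempts[p], p)):
        ports[port] = {
            "label": watched.get(port, "unlisted"),
            "attempts": attempts[port],
            "sources": len(sources[port]),
            "per_hour": round(attempts[port] / hours, 2) if hours else None,
        }
    return {"hours": hours, "skipped": skipped, "ports": ports}


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    print(f"{summary['hours']:.1f} hours logged, {summary['skipped']} unparsed line(s)")
    for port, info in summary["ports"].items():
        print(f"port {port:<6} {info['label']:<9} {info['attempts']} attempts "
              f"from {info['sources']} sources, {info['per_hour']}/hour")
```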

    ….

    So, how do you stop them?

    Simple. Install a firewall.

    [Long pause]

    I heard that!

    “Oh no! A firewall? That’s major techno-mojo!”

    Yoda say: “Difficult not. Easy it is.”

    (At least for Windoze. If any of you know of a
    good personal firewall for the Mac, send me the
    details and I’ll add it to future revisions of
    this article, with much gratitude.)

    My first firewall software was BlackIce, from
    http://www.networkice.com/ . If you like rules and
    configuration and lots of techno-babble, BlackIce is a very
    useful, reasonably priced tool. (Under $50) It’s not the
    simplest thing ever created, but not particularly tough
    either. There are better solutions for those of us who just
    want good, no-hassle protection for our systems.

    The better solution? ZoneAlarm, from http://www.zonelabs.com/
    This program is a dream. It has to be. Nothing this good is
    this easy in real life. It’s fairly small, simple to install,
    and reputed to be the best personal firewall on the market.
    And it’s free? I was sure it was a joke. (After all, it’s a
    Windoze program!)

    No joke, young Skywalker.

    You can set different levels of security for local and
    Internet connections. You can control which software is
    allowed to connect to the Internet, and keep strangers on the
    net from connecting to you. That’s the big key.

    You can lock all Internet access, both ways. You can allow or
    disallow the functioning of servers on your system. You can
    add IP addresses and subnets to the program’s definition of
    “local.” You can allow specific programs to act as servers.
    This last is necessary for things like NetMeeting and Norton
    Anti-Virus’ Live Update. Probably for ICQ as well, although
    ICQ has its own set of security holes…

    You can even turn off the alerts that let you know every time
    there’s an attempt to connect to your system, if you get bored
    or annoyed with them.

    For all practical purposes, when this software is running,
    your machine doesn’t exist to scanners. They literally don’t
    even see a computer on your IP address.

    I don’t for a minute believe that this is perfect protection.

    I would guess that allowing connections for multi-purpose,
    server-style software like ICQ or Instant Messenger could
    introduce some neat holes that people could do their dirty
    work through, for example.

    Still, if you’re using ZoneAlarm and only running your
    emailer, browser, or other non-server programs, you’re so far
    ahead of the game it’s silly.

    Combine these various security measures, and you’re golden.

    ….

    A few more small points.

    The most common way for people to get access to your private
    data is still by physical intrusion. Actually having access to
    your computer. If you aren’t sure about the physical security
    of your machine, you may want to address that.

    One way that works quite well is to lock up disks that contain
    sensitive data. Yes, good old fashioned locks have their place
    in this high-tech world.

    Another (and more foolproof) way is to encrypt it. The
    ultimate software for this is PGP. It’s free for personal use,
    and available from http://www.pgp.com/

    PGP also has plug-ins that allow it to be used in sending
    encrypted email that’s so tough the NSA supposedly can’t break
    it. Very useful if you think your email is being sniffed,
    snooped, or otherwise covertly monitored. Or if you just like
    the idea of personal privacy. (Now who cares about THAT???)

    It’s currently illegal for PGP to be exported from the US.
    That’s hardly an issue, since there are versions available
    that were created outside the US, and which can be found and
    used legally by almost anyone in the world. (It’s still
    illegal in France. Can you believe that?)

    If you use PGP, it’s absolutely critical that you make backups
    of your public and private keys, and store them someplace
    safe. And pick a passcode that you will always remember, but
    which isn’t too obvious. NEVER write down your passcode
    anywhere. If you lose those keys or your passcode, the
    encrypted files are just random drivel, and will stay that
    way.

    ….

    Watch out for people picking up your passwords by “shoulder
    surfing.” (Watching as you type them in somewhere.)

    ….

    Use passwords that are 8 or more characters in length, and
    which contain both letters and numbers. These are much harder
    for password crackers to break.

    ….

    Don’t write your passwords on Post-Its and stick them to your
    monitor. If you have to write them down, keep the copy
    somewhere separate from your computer.

    Don’t put your passwords all in one file and then call it
    passwords.txt. (Yes, I’ve seen this!) Here’s a trick for you
    if you want to keep your passwords in a text file on your
    computer. Give it an obscure name, with a different extension.
    I used to keep mine in a text file called logo12.gif in my web
    graphics directory. There were 11 real logo files there, along
    with hundreds of other graphics, so this was pretty low risk.
    This approach is called “security by obscurity.”

    ….

    Above all, use common sense.

    An example: While I’m a bit of a bug about backups, I could
    easily get by just backing up my email and a few databases. My
    work is almost all writing, and that’s delivered to clients as
    soon as it’s completed. At that point, backups are a customer
    service issue, not a security problem.

    Consider the actual needs of your situation when deciding on
    what measures to employ. Don’t create major time and expense
    protecting Mom’s secret prune dumpling recipe, unless it’s
    AWFULLY good.

    In most cases, the bad guys aren’t looking for you personally.
    (This may not be true if you’re on a fixed IP system, like a
    cable modem.) They’re looking for any and all systems they can
    exploit.

    Don’t get paranoid.

    ….

    Again, this isn’t an exhaustive list. You need to look at your
    own situation and consider your personal needs when coming up
    with a solid data security strategy.

    It’s not the sexiest part of doing business online, but if you
    neglect it, it WILL come back and bite you at some point.

    Take care of it with a little forethought, and those stories
    you hear from other people about their disasters will stay
    with other people. You’ll just happily hum along, doing
    business as usual no matter what comes your way.

    Isn’t that a nice thought?

    This article was originally published in TalkBiz News, the
    newsletter of “Hard Core How-To For Small Business.” To
    subscribe, send any email to subscribe@talkbiz.com. You may
    forward this article to anyone you want, as long as you send
    them the whole thing. Or, just send them the email address and
    let them request it themselves. The address to get a copy of
    this article is security@talkbiz.com