When IT Security Equals Profits

With the U.S. in a recession, many companies are cutting back in order to save costs. Small businesses have been hit particularly hard, thanks to fewer resources and already-tight budgets. And while it makes sense to cut back due to the financial climate, David Kelleher, a research analyst with email security provider GFI of Cary, North Carolina says IT security is one area that should be left alone, or even beefed up, right now.

“Security is a cost of doing business, and not an item on a checklist that can be added or removed as needed,” says Kelleher. Consider the fact that the economic downturn has created a “fear factor” that can lead cyber-criminals to hit even harder, with threats coming from both domestic sources and from overseas.

In its Annual Threat Report & 2009 Forecast, for example, Cupertino, California-based Trend Micro, says security researchers are seeing virus wars, worm wars, and botnet wars due to increasing competition for financial gains from phishing and fraud. “Look for growing competition between Eastern Europe and China,” the company reports, “to determine which country’s crooks will be the first to include the latest exploits in their exploit kits.”

While the need for ongoing IT security is clear, it can leave the small business owner scratching his or her head over how to justify the investment in a security tool when the entire company is in cost-cutting mode. The good news, according to Kelleher, is that taking proactive steps to protect your data, and that of your customers and business partners, doesn’t have to be expensive. In fact, it can help boost profitability for firms that are proactive about their IT security. Here are six ways to make sure your company falls into that category:

Determine Vulnerability
Conduct an extensive audit of all security measures in place (that includes all hardware, software and other devices, such as flash drives), and the privileges and file permissions given to all employees. “Event logs are an important, but often neglected, source of security information,” says Kelleher, who advises firms to frequently test the security of the storage environment by checking the network logs, security controls (such as firewalls), user IDs and access logs, to see if anything was discovered and highlighted as a possible security breach.