In mid-May, the House of Representatives passed legislation in response to the outcry over the wholesale collection of phone records by the National Security Agency. The bill did not include some of the tougher provisions – such as the appointment of an independent public advocate to NSA’s oversight committee – but it did end NSA’s practice of collecting records from almost every American landline telephone as part of an effort to discover terrorist activity. On the other hand, the bill allows NSA to request records from the phone companies to search for terrorist connections in response to judicial orders and gives the agency access to mobile phone records –access they lacked previously.
Balancing the need for security with privacy issues has long been a major focus for social media, as well as technology giants like Google and Yahoo. Not surprisingly, the furor over NSA’s surveillance of ordinary people has left many consumers more mistrustful of the technology industry leaders, as well as government agencies. A recent study by the Princeton Survey Research Associates International showed that more than one-third of the Americans polled thought NSA would violate their privacy. Facebook (with 26 percent) was in second place; the IRS was next (18 percent); with Google logging in at 12 percent. In another survey conducted by Harris Poll, more than half of the respondents said they are more cautious about what they do and say on the Internet. Though some gloom and doom commentators are wringing their hands over the implications for e-commerce, most industry experts believe that the NSA disclosures will encourage consumers to use established e-commerce sites and avoid smaller, less well-known entities.
Keeping Your Network Secure
With consumer suspicions on high alert, it’s a good time for small business owners to revamp their security in order to address customers’ security questions with confidence. First, invest in a comprehensive and up-to-date security suite with layers of anti-virus, anti-phishing, and firewall capabilities. Next, make sure your security system is linked to a cloud-based service that stays on top of malware news and offers automatic update features that are always turned on to keep current.
Limit access to the administrator account. This is the all-important function that can change or modify configurations on your internal network. Malware coming in through this account can severely compromise and wreak havoc throughout your entire system. If you are responsible for the administrator account, create and employ a non-privileged user account for daily web activities, email, and document creation. Also, make any network changes from within your internal network – do not use mobile devices to perform remote administration.
Use a commercial Domain Name System provider or an open source provider. It is vital that your domain and its IP address are fully protected and can block access to dubious websites. You may have started out with a simple ISP DNS provider, but business today requires the safeguards of systems designed to support e-business.
Finally, keep work systems separate from home/leisure systems. Provide employees (and yourself) with iPads, laptops, and other devices for work use only. Keep work correspondence directed to your office email and personal email directed to your non-work address.