Case Studies

Risky Business

IT security doesn't have to break the bank. A strong risk assessment and strategically chosen tools can keep small businesses safe and on budget.
This story appears in the March 2005 issue of BizTech Magazine.
Nick Ferguson, IT manager, Peregrine Pharmaceuticals

How long could your company survive without its most critical server?

When Nick Ferguson, IT manager at Tustin, Calif.-based Peregrine Pharmaceuticals, posed that question to department heads, he was surprised by the answer: The server that handles Peregrine's finance application could sit idle for five days before negatively affecting the business. "Five days is a huge amount of time to be down, but that gives us five days to get hardware replaced and up," he says.

Viruses, denial-of-service attacks, spyware, phishing schemes—even major corporations with their armies of IT pros and state-of-the-art tools have a hard time keeping up with the growing list of cyber-threats. Small businesses need to identify their unique vulnerabilities and arm themselves with the appropriate tools. "It all comes down to having a strong risk analysis in place," says Ferguson.

Most organizations conduct some form of economic evaluation of their security expenditures, according to the 2004 Computer ­Security Institute (CSI)/FBI Computer Crime and Security Survey. And the numbers add up. Security breaches cost each of the U.S. businesses surveyed $141 million in one year, according to the 2004 report. That's down from nearly $202 million, as reported in the 2003 survey, due to increased IT security measures by businesses.

"Companies need to budget technology into their finances," says Aaron Tuomala, data communications manager at Bowermaster & Associates, a commercial and personal insurance agency in Downey, ­Calif. "It can be a big initial investment, but you soon see the return."

Recognizing Weaknesses

The Sarbanes-Oxley Act prodded Peregrine to analyze the numbers behind its IT security measures. Like the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act sets a minimum security bar that companies must meet to protect financial data.

"It's cumbersome," says Ferguson, whose IT department has been buried under paperwork as it tries to document all its processes.

But the exercise has helped him tighten company security. Is Peregrine immune to attack? No. But he knows which servers need the greatest protection and, thanks to clearly documented IT policies, he can spot irregularities and act immediately.

Through the risk-assessment process, Ferguson learned that removing terminated employees from the network took days although they were always immediately classified as inactive users. Now all processes are time- and date-stamped and require management sign-off.

Identifying IT risks and documenting processes, he adds, "have helped other departments in the company realize that IT plays a critical role."

Staying Focused

For most businesses, Web-filtering tools combined with intrusion detection and prevention systems make sense. But White House Custom Colour uses a different system.

Computers at the St. Paul, Minn.-based photography lab aren't assigned to each employee. Instead, a bank of machines is available when employees need them, often for just minutes at a time.

IT Takeaway
Conduct a risk analysis to determine what's truly mission-critical.
Document processes so that all staffers understand how to address problems.
Deploy antivirus protection at network end-points computers, servers, gateways and firewalls.

Since employees don't have much opportunity to surf the Web, IT Director Chris Hanline doesn't worry about Internet-based worms. But with files constantly being e-mailed to and from clients, he does worry about infected attachments. "I'm most scared of some sort of e-mail virus," says Hanline. "I try to keep everything patched and up to date."

Knowing that e-mail viruses are his biggest vulnerability, Hanline has invested in a server to scan files at the gateway. A Cisco firewall and constant reminders to employees about safe e-mail practices help him sleep better at night.

It's up to technology chiefs like Hanline to present business leaders with a coherent picture of specific threats facing companies and a list of strategic IT security tools to alleviate those threats.

"Don't cut corners on that stuff," advises Hanline. "Some things are definitely worth the money."

Sign up for our e-newsletter


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.