Small-business owners are usually aware of network security and management issues, thanks to the proliferation of viruses, worms, and other malware. Most people I meet know that they should not click on attachments to emails from unrecognized sources and that they need anti-virus software. But beyond that, things get a little fuzzy. Does clicking on an infected email message cause a virus attack or do you actually have to open the attachment? If your router has a firewall, do you still need a software firewall? Are two anti-virus programs better than one? How often do you need to back up your data? What are the chances of a hacker cracking your Windows password?
Such questions are common. In part, such confusion arises because small businesses often do not have full-fledged IT departments. Their owners wear the network administrator’s hat from time to time. Most makeshift administrators acquire their expertise by reading introductory books and magazine articles, and by talking to people more knowledgeable than they are. As a result, their knowledge is haphazard, often has gaps, and the security schemes they design are full of holes. The “security” they implement does little more than provide a false sense of security. These are the kind of folks who call me in the middle of the night with frantic pleas to “fix” whatever the problem of the hour might be.
At the other end of the spectrum, I have a client who runs a money management business. When I first met him, his knowledge of computers was just about average — enough to get a general idea of what I was talking about, but not deep enough. With the help of his three employees, he had put together a rudimentary network with a Windows NT file server, three desktop computers, and a Netgear wireless router. Most people would simply have proceeded to use it, but this guy did something unusual. He hired me to secure his network and write up various operational policies to keep it secure. I configured his network, installed all the necessary software, and wrote up the policy documents he had asked for. I went over the details with him and we practiced the operating procedures together for a couple of days. By the time we were done, he had become competent enough to manage his network. He is no network expert, but he certainly knows what procedures he must follow to maintain his network and, more importantly, WHY he should follow them. He never calls me with problems that need to be fixed right away. We meet once a year to go over his setup. I make a few suggestions or tweak a few settings. Other than that, he pretty much manages his network himself. He spends a lot less on my services and I get many more hours of sleep, which makes both of us happy.
Managing a small network is not rocket science. Anyone with determination can learn the essentials of administering small networks fairly quickly. But it does take effort and the willingness to keep current with the latest in the technology arena in order to manage a network efficiently. If your knowledge of computers is largely self-acquired, it is a good idea to follow my client’s example and hire a professional to introduce you to the best practices.
Here is a list of common security-related tasks that you may need professional help with:
- Install and configure firewall routers: To most people, routers are thingamajigs with antennae which their broadband service provider ships to them. Most come with a built-in “true” firewall. They are fairly simple to install — plug in the power cable, plug in a phone cable, and plug in the network cables. You can do this yourself. But if you don’t know what a port means or what the expanded form of UPnP is, it is time to call for help. Installing a router is the easy part; configuring the firewall correctly is a lot harder.
Make sure that the free router you get does have a true firewall. If not, it is prudent to buy one with a true firewall and use it instead of the free box. If you don’t know what a true firewall is or what it does, run and ask someone who does.
If your router has wireless capability, you must understand how its security features work. Securing wireless routers is often not understood very well even by professionals. If you don’t understand the documentation, get help.
- Install a software firewall: Even if you have a hardware firewall, a software firewall is recommended. In simple terms, think of a hardware firewall as a barrier that prevents bad stuff from coming into your network and a software firewall as the gatekeeper that prevents malicious applications from sending sensitive information out of your network. Again, as is the case with hardware firewalls, the configuration is the hard part. I have seen countless firewalls that aren’t configured to protect against anything. If you don’t understand how to configure your firewall, get help. Don’t just click on the red and green pop-ups.
- Install anti-everything: You need anti-virus and anti-spyware software. Installing it is pretty simple — you simply have to click on the install button that appears when you pop the CD in. If you think that two of each are better than one, it is a sure sign that you need professional help. But in general, this is one task that you can do yourself. Avoid installing separate anti-virus and anti-spyware applications; choose suites that have both applications as well as a software firewall instead. More importantly, choose the same suite for all your machines – don’t install McAfee on one computer and Norton on another. It will make your life a lot easier.
- Set up a Virtual Private Network (VPN): Don’t even think about it. Just hire help.
- Design backup policies and procedures: It is fairly easy to follow procedures once you understand the best practices. Ask a professional to create appropriate folders on your computers and explain the backup procedure to you. Once you fully understand how backups should be maintained (and possibly restored), you can do them yourself.
- Design computer usage, online access and Internet usage policies: Enforcing good usage habits for practices such as strong passwords, spam reduction and Internet access is a lot easier if you have them in black and white. Hire help to get the policies written. Enforcing them is simply a ringmaster’s job; you would have little difficulty with it.
Simply having the latest and most expensive security tools serves little purpose if you don’t know how to use them. Now is the time to learn more about and get some guidance on keeping your network secure. You will be glad you did.
