Tech media outlets have been buzzing for days about the drama surrounding the case of an iPhone 5 that went missing when an Apple employee left it at a San Francisco tequila bar. Sound like a familiar scenario? It is. Back in April 2010 the same thing happened when someone left an iPhone 4 prototype at a Bay Area beer garden. READ MORE
On Wednesday, California governor Jerry Brown signed a law that requires online retailers to collect sales tax from CA residents even if the companies have no brick-and-mortar presence in the state. It’s another example of the so-called “Amazon Tax,” which circumvents the brick-and-mortar statute of federal law by declaring CA-based affiliates–say, a personal blog linking out to Amazon or Drugstore.com products for a small slice of any sale action–as a physical presence. READ MORE
After announcing the iCloud, iOS 5, and OS X Lion at the Worldwide Developer Conference yesterday, Apple CEO Steve Jobs closed the keynote with a shot of the company’s new iDataCenter, which many view as the key to Apple’s lofty new cloud infrastructure. READ MORE
K&W Cafeterias, a chain of 33 cafeteria-style restaurants based in Winston-Salem, N.C., has been operating for nearly 71 years with a paper-based system for ordering food and other supplies. Tom Hutchens, senior PC/network support technician, tells IncTechnology.com that secure virtual private network (VPN) technology enabled each cafeteria to place orders directly into the company’s purchasing database. Elizabeth Wasserman: How does a chain of cafeterias use information technology? Tom Hutchens: Within the cafeteria, we do a lot of work with point of sale hardware and software. We have networks both internal at the stores, internal at the home office, and a wide area network encompassing the stores and home office. We have security surveillance systems in the stores and real-time reporting on sales and item counts. Wasserman: What led you to install VPN technology? Hutchens: The reason we turned to VPN was we wanted our stores to be able to place orders to our suppliers pretty much directly into our database without having to call up like in the old days. Each store used to have to call up to the purchasing department or do a paper order and fax that in. The purchasing department would then have to key those in to our IBM AS400 database server, which holds all of our accounting databases. We wanted to get rid of having to use paper and we wanted to streamline our ordering system. The only way we could do that is to let stores input orders into the system directly. In about half of our stores, we also have a closed circuit TV system, CCTV. It’s a digital-based DVR system that basically means you have a bunch of cameras and they record onto a hard drive and then you’re able to save a great quantity of data. It’s larger than video tapes or CDs. It has a Web interface on the back end and you can go into each one in each store and see what’s going on in the store. We can do this from home or the office. We log in to our VPN and go to each store to track incidents and accidents. Wasserman: What did you decide to do? Hutchens: The way we figured it would work best was to use VPN so that our stores could connect to the K&W network. For the cost, that was the best technology and, we’re finding today that it’s still the best way to continue to do our ordering. We turned to a local company, Secure Design, which does all of our managed services work, for the VPN service. Wasserman: What have the results been? Hutchens: It’s been great for us. The orders now come in over the computer. The time involved as far as ordering everything has been greatly reduced. We don’t have to worry about having someone keying in anything anymore. We’s been able to cut down on paper and on work hours at the store levels. Our purchasing department is only a two-person department. Most of their time now, where an order is concerned, is spent fixing mistakes — you know when someone with a fat finger puts in a wrong number. It’s definitely cut down on the time it takes to get these orders done. It’s cut down on mistakes and misreads. And it’s cut down on a lot of theft and insurance claims. Through the security systems, we can catch accidents that happen or catch people stealing from us. It’s paid for itself.
Security was little more than an afterthought for the original designers of the Internet. Networks were either cordoned off, private and secure, or fully open to the public. But network security is a critical concern for businesses these days. IT managers and, in smaller businesses, the owners themselves must balance access and functionality against reliability and the need to safeguard data. Taking time to prioritize your network security needs and understanding best practices to ward off threats is essential. For most IT managers, the approach involves both technology and employees. The technology There are several smart steps IT managers can take, say experts. These will minimize your network risks: Configure your firewall or hire someone else to do so. Most small businesses run the firewall set just as it came from the factory, and most firewalls are set to let everything go out, says Luke Walling, founder of North Carolina-based Walling Data, an IT outsourcing, management and support firm. Make sure your firewall limits attempts to connect to suspect service ports. Also, says Walling, consider an additional stand-alone device, such as those manufactured by Cymphonix, to filter content and block attempts to bypass your firewall. Protect in depth. It’s not enough to protect at the network level. Make sure each workstation is also protected against spyware, malware and viruses. Understand your limitations. Frequently, small businesses don’t maintain security software, says Michael Davis, CEO of Savid Technologies, a security consulting company in suburban Chicago. “Pick a technology that is auto-updated or easily and inexpensively updated.” Run a separate network. Consider segregating sensitive data on a network that has no connections to the outside world. Use effective logging data. Log management doesn’t have to be a headache for small to medium businesses, says Davis. For instance, Splunk is a free open source management tool handling limited amounts of data each day. “It can help you when you have an actual incident,’’ Davis says. Manage portable devices. Lost laptops, USB drives, and other portable devices comprise one of the biggest security threats today. Using encryption for portable devices and even limiting USB capability on workstations can minimize threats. Some government agencies go so far as to place epoxy in the USB ports on computers. The human factor Black Monday, the Monday after Thanksgiving noted for an explosion in cyber sales, got its name for good reason. Before the widespread advent of fast, home Internet connections, employees returned to work and shopped at will on their workstation computers. Employees don’t often recognize boundaries and limitations when it comes to workplace computer use, says Walling. “The typical person walks into work and uses the computer just as they would at home,’’ Walling says. “The biggest single hindrance is any single business is the fact that people don’t understand what they’re doing could be a threat.” Managing the human factor takes a four-pronged approach, say experts. Define limitations. “The balance between functionality and security is constantly getting worse as the number of things people want to do with their computer increases,’’ says Paul Kocher, president of Cryptography Research, a San Francisco-based data security firm. “Are users allowed to be able to go to any website they want? Watch YouTube during the day? Should users have any access to the Internet during the day?” Define an acceptable use policy, a step most small businesses don’t take, says Walling. Educate employees. Firewalls work, says Davis. Most threats to your network security will come at your employees’ workstations, as they download that funny video or screensaver or click on that url in an email. Attacks are so slick these days that even sophisticated users can be easily fooled, points out Davis. He cites the example of a supposed draft of an earning announcement supposedly sent from the CEO of a large corporation to company executives. The e-mail included a Powerpoint presentation using the corporate template, but it was fictitious. When executives opened the attachment, the company network was compromised. Communicate regularly. Have a personable IT employee who regularly makes the rounds, talking with employees about issues that arise and noting their security practices, says Kocher. If your company isn’t big enough for a dedicated IT staff, make sure you’re modeling good security practices. Often, says Kocher, senior management personnel are the most difficult to convince when it comes to taking precautions. Executives want immediacy and convenience and may not think about the potential consequences. Test and review. Develop a survey about best security practices and have employees take the survey at least once a year, suggests Davis. Follow through on incorrect responses. The good news is attacks on small andmid-sized businesses are usually an afterthought. Directed attacks are usually aimed at bigger prey, such as large corporations. Your greatest vulnerability lies in your employees. “Most of the time, it’s literally an employee doing something they shouldn’t do,’’ says Davis.
Everyone seems to be jumping on the green bandwagon, which is great for our environment, but how do we know when buying green is overkill? “Green IT is an oxymoron,” says Simon Mingay, an analyst with Gartner Research. “There’s no such thing, but with more efficient tools available, you will more than pay back any incremental costs.” Studies show that businesses want to be energy efficient and that when it’s time to replace old equipment, whether it is a server or a desktop, IT managers make their replacement the energy efficient choice. However, most businesses do not replace a good system even if it is not energy efficient or if it still has many years left in its life cycle. Mingay agrees that you’re better off hanging on to the old equipment if it is reliable, and he says when it’s time to replace hardware “then making energy efficiency part of the buying criteria is absolutely critical.” Businesses need to look at achieving energy efficiency in both their desktop and data center environments without compromising budgets and shrinking their return on investment. Greening of the data centers In the data center, many companies choose a virtualization solution, which may include integrating a software solution like VMWare with existing servers or may require buying larger servers to give power to the virtual machines. Energy efficiency can be achieved depending on how many servers there are. Consolidating servers is another green solution which reduces loads and ultimately saves costs. BDNA Corporation in Mountain View, Calif., helps companies save energy by using their GreenScan technology to run a server inventory. When the scan is complete it reveals how much power each server consumes, which determines the new server configuration. If new servers are necessary, then the scan takes into account the company’s current footprint and monitors the migration of the new location’s future equipment purchase. Companies can deploy thin clients and use CPU power throttling for their high-end servers, where the servers throttle down during low use time and don’t waste power. Data center solutions do require purchasing additional hardware and they do require more time to implement. Steve Brasen, analyst at Enterprise Management Associates recently conducted a green IT study which revealed that some data centers can’t reduce their power consumption since they need to be up and running 24/7. In reference to virtualization and hardware upgrades, Brasen says, “You should upgrade hardware because it’s time for more efficient computing, and not for just having an energy efficient solution. Choosing virtualization in order to go more green shouldn’t be the primary reason for deployment.” Greening of the desktop area In the desktop area, using power management tools such as turning off the machines at night, using spin down drives or hibernation tools lowers costs so companies don’t need to purchase new equipment. Brasen in the same green IT study found that when power management techniques were implemented in the desktop area, there was an average of 19 percent reduction in power. He also found that using laptops cost $23.26 in power consumption per year, versus desktops costing $149.10 per year. “So for 10,000 deployed desktops, which would consume 1.5 million in energy costs, and laptops, which cost $232,600, you could save $1.3 million annually,” he concludes. ”Going green is the great umbrella of social responsibility and reducing company cost,” Avanish Sahai, vice president of BDNA marketing says. To achieve energy efficiency in the desktop area, “There’s simple stuff that can be done with dramatic effect. Get a policy with automated power management to turn off your computers and monitors and see a savings of 22 percent in IT costs.” Sahai adds that companies also need to educate their employees on how to use Windows’s hibernation controls and then set a policy and monitor it. Mingay suggests companies check out Electronic Product Environmental Assessment Tool at EPEAT.net to find out which monitors, desktops, and notebooks are the best green choice as rated by the Energy Star 4.0 rating system. Obstacles to green IT The largest obstacle to implementing a green IT initiative is the budget and responsibility split between the facilities department, which handles the power budgets and the IT department. Sometimes a good green policy gets stuck waiting for the right data and implementation to make it happen. Ultimately, the CEO needs to provide the overall vision of green IT by implementing green governance, or corporate social responsibility bodies to oversee multiple projects across departments. Mark L. Cavaliero, CEO of SyTec Business Solutions in Raleigh, N.C., a network integrations firm, says he makes his green IT decisions by listening to his vendors, his clients, and his team of engineers. He also considers his budget. “We don’t like to waste anything and there’s also an economic incentive to help clients save money and to make our employees more productive,” Cavaliero says. Regarding green IT, “It seems that the economic and benefits to society have lined up.” Where green IT is headed Brasen predicts virtualization will be the number one data center solution to achieve green IT over the next year and he also emphasized that the 19 percent average saved in the desktop area could be even greater. He states that opportunities do exist in both the data center and desktop area and that more companies will realize that you can reduce power consumption and produce ROI. Implementing a green IT policy is no different from any other networking or security implementation. Both involve a thorough inventory of all hardware and software assets and both require the CEO to communicate policy and goals by example and leadership. Companies shouldn’t rush to buy green equipment without first checking the equipment’s agility first just as they shouldn’t implement an ad hoc green policy that doesn’t reach all areas of their organization. But by adopting power management strategies and replacing equipment nearing the end of its lifecycle with a more energy efficient models, companies can reap the benefits of sustainability, social responsibility and cost savings.
When small businesses grow, their network must also expand. They know that it will take time and money to set up their network architecture, connectivity, and security requirements. But before a small business travels down this road, there are many things they need to consider. One of the first will be: should they go with a value added reseller (VAR) or buy the hardware to set up their own network? To avoid costly networking mistakes with a VAR, small businesses need to know if the VAR is a good match for their business, if the VAR has the necessary experience, and if the support promised is reliable. If the small business chooses a D-I-Y (do-it-yourself) solution, then the D-I-Y route needs to be worth the extra time that could be saved by selecting a VAR. Reasons for choosing a VAR Security – With a VAR, the client is ensured that firewalls, software monitors, encryption, and port monitoring are in place. A VAR such as IT Integrators in Apex, N.C., changes all of the known bandwidth ports to unknown ports to confuse hackers. They also close international ports if their clients don’t conduct any international business. Says Joel Phillips, owner of IT Integrators, “If you don’t do this for a living, you’ll be muddling through.” When small businesses choose to work with a reliable VAR, they don’t have to spend time reading through all the necessary security advisories and other time-consuming security matters. Support – Besides a having reliable help desk with 24/7 support, some VARs, such as Sytec Business Solutions in Raleigh, N.C., advocate for their small business clients should any issues arise from their vendors. For instance, Sytec keeps its staff informed of all new products from Cisco, one of its chief vendors, which in turn is beneficial for their clients. Says Mark Cavaliero, founder and president of Sytec Business Solutions, “When we see a problem, prevention is key to keep the uptime going for the small business.” VAR Pitfalls Lack of experience – Many VARs outsource their staff or hire part-time workers who are not highly qualified to service networks or don’t have their necessary certifications. Also, some VARs have high staff turnovers. Small businesses need to realize that a VAR has access to sensitive company information and choosing a weak VAR can hurt productivity and can compromise security and database information. Lack of reliability – A VAR may say that they are monitoring the server, but they may not be able to tell that their client’s disk sub server is out. They may seldom respond to e-mails requesting help, which is especially frustrating if the small business has already made a significant investment with this VAR. Do-it-yourself option Many small businesses decide to buy the hardware and build their own network. This may be a cost effective solution if the owner or staff have worked in the computer industry, but if the time spent on a D-I-Y solution is going to take away productivity from the business, then turning to a VAR to handle networking management may be the wisest choice. Choosing a VAR to build a company’s network to support high bandwidth and security needs should not be taken lightly. Small businesses should use their own professional networks to discover the right VAR for their segment of industry and one that comes with excellent referrals and testimonials. Companies that use a VAR make an initial investment on the front end, but this investment should be regarded as a way to avoid costly networking mistakes. If the server goes down, so does productivity — using paper and pen won’t keep a business competitive in 2008.
You’re Marty Chamoff, the owner of two Debby’s Hallmark stores in Raleigh, N.C., and Christmas is around the corner. You offer extended hours and have hired extra help to accommodate the growing line of customers. You wonder if there’s some way you can serve more customers without compromising your bottom line. Perhaps installing a contactless payment system is the way to go to speed up transactions and increase your sales volume. You know that radio frequency identification (RFID) technology can be embedded into American Express, Visa, and MasterCards so that all the customer has to do is tap her card or key fob at the point of sale (POS) reader and her account is charged without ever leaving her hand. In addition, mobile phones equipped with NFC, or near field communication technology, can communicate with a merchant RFID reader to complete a transaction. This payment system works best for small transactions, called micro-payments, where the transaction is under $10. For these micro-payments a signature is not required, although for transactions above $25, the customer needs to sign or input a personal identification number for a debit transaction. The next frontier for contactless payments Retail customers already enjoy using their contactless cards at gas stations such as Exxon Mobil and Shell, at fast food restaurants such as McDonald’s and Arby’s, and at drug stores such as CVS, where the transactions are small and customers want to be in and out as quickly as possible. So are small businesses the next frontier for contactless cards? Unfortunately, there are still a few hurdles. “Using contactless payments is a great idea, but unfortunately, my bank doesn’t offer it,” says Chamoff. “Our entire system has to be compatible with this technology in order to be successful and right now it isn’t.” According to Forrester Research, the Cambridge, Mass. IT research company, many merchants hit a wall when the banks and payment system operators can’t agree on who should front the initial investment costs for this new technology. And even if the banks can agree, merchants may not be willing to invest in RFID, or their business may not be the best fit for contactless payments. Concerns remain about contactless cards The types of businesses best suited for contactless payment systems include convenience-type stores or other retail businesses that need to move many customers through the point of sale with low cost purchases as quickly as possible. The infrastructure needed to accept contactless payments includes hardware terminals and the necessary software to integrate the data into the existing accounting system. Many small businesses still have reservations about upgrading. Such is the case for Nollie Jones, owner of a UPS franchise in Raleigh, N.C. He says that he often spends longer with his customers than other businesses “since they wait for us to measure, weigh, and pack their packages.” Adds Jones, “I’m also concerned that the person swiping the card may not be the owner of that card.” Furthermore, Jones would receive virtually no savings from MasterCard or Visa for switching to contactless payment systems and that it would take a long time to recoup the initial investment costs. Looking ahead, contactless systems will replace cash for small transactions in businesses where there’s high volume and relationship-building with the customer is not the priority. Already 19 million RFID credit and debit cards have been issued since 2003, according to Forrester. However, once the public accepts the ease of payment and trusts that this system is a secure one, more merchants and banks will invest in this technology so customers won’t shop somewhere else. SIDEBAR: Contactless payment systems in the U.S. MasterCard PayPass — launched in 2005 with 10 million registered users. American Express ExpressPay – launched in July 2003 with 3 million registered users. Visa payWave — launched in December 2006 with 6 million registered users. Source: Forrester Research
Deepak Desai, CEO of GlobalEnglish, a provider of online language training tools to corporate customers, pays close attention to the feedback he gets from users. And two years ago, it became clear that the users had spoken: They were commenting frequently, online and in person, that the training required too much repetition of specific phrases and vocabulary. Desai and his team pored over the comments, analyzed the problem, and took decisive action that customers applauded: They didn’t change a thing. Today, everyone wants to create the customer-driven company, and that means getting lots of customer feedback. Hey, no problem. The Internet provides a fire hose of customer data: website clicks, online product evaluations, surveys, chat rooms, e-mail, instant messages, even Skype calls and video chats. You can hear more from your customers than you do from your family. The advantages of all this feedback are obvious. Facebook, for example, learned quickly how people felt after it offered a feature that let members monitor changes on other people’s pages. Users hated it. But often overlooked is the fact that all this readily gleaned customer feedback can lead you astray. Take GlobalEnglish. It’s not that Desai doesn’t act on customer comments and complaints. When users asked for more help writing business documents in English, for example, the company created an online writing center with customizable sample documents. But Desai casts a skeptical eye over the feedback before doing anything. In the case of users complaining about too much repetition, Desai recognized that they were expressing natural frustration with the difficult and often monotonous drills essential to mastering a new language. “You have to be careful to not take all feedback seriously,” says Desai. “My son complains about his homework, but I wouldn’t be doing him a favor by excusing him from it.” And sure enough, customer satisfaction with GlobalEnglish is high precisely because users eventually realize all those language drills yield results. Marketers have long known that sometimes customers hate you for listening to them. Think New Coke, which tested off the charts with soda drinkers up until the moment it was rolled out, when it flopped spectacularly. The problem crops up even with meticulously designed focus groups, and things only get dicier when you’re dealing with the raw, random river of Internet feedback. For starters, you can end up listening to the wrong customers. Online, the loudest and most-oft-heard customers might think very differently from the heart of your customer base. Sometimes a squeaky wheel is simply misaligned and heading in the wrong direction. If Microsoft (NASDAQ:MSFT) took its cues from the constant stream of disdain that it attracts from the cranky, iconoclastic message posters who tend to dominate online chatter, the company might have killed its Windows software long ago–though Windows has, of course, utterly dominated mainstream corporate and home computing. Taking customer feedback with a grain of salt may sound easy enough, but entrepreneurs who aren’t used to navigating a blizzard of comments are often quick to overreact, notes Gary Rhoads, a business professor at Brigham Young University who studies customer satisfaction and who co-founded and now consults to a company called Allegiance, which provides online tools for managing feedback. “A manager will see a comment and say, ‘Oh, my gosh, did you see what this customer said?” Rhoads says. “But a lot of the time it’s just not representative of the customer population.” That problem emerged recently at Amarr, a garage door manufacturer in Winston-Salem, North Carolina. Amarr gets plenty of e-mail from contractors, but Steve Crawford, the company’s IT chief, sees it as an unreliable gauge of customer opinion. “The people who buy and install our doors are mostly guys with pickup trucks, and half of them don’t even have e-mail,” says Crawford. “Even if they have it, their careers hinge on being able to get a door installed in two hours. They’re not going to be sending off any e-mail notes about it.” To get more representative feedback, the company instead relies on face time with customers in the field and in organized meetings. Queensboro, an Internet-based apparel vendor in Wilmington, North Carolina, wrestles with similar questions about its feedback. Founder and CEO Fred Meyers notes that in addition to collecting e-mail notes and comments posted on the company’s website, Queensboro also e-mails surveys to customers two days after an order arrives. About 35 percent respond. Meyers and other top managers meet weekly to sift through this cornucopia of comments and are sometimes confronted by quality complaints about the company’s least expensive shirts–custom-logoed polos that sell for as little as $7.95 and indeed are inferior to other items. Queensboro wants to be perceived as a high-quality vendor, and its first reaction was to be worried; some managers even argued that the company should discontinue the cheap polos. But then they realized: The shirts cost eight bucks. Buyers who expect premium quality at that price probably aren’t good candidates to become bigger-spending customers who buy higher-quality shirts. “We have to evaluate these sorts of comments in the context of what the customer is buying,” says Meyers. Online feedback is a good way for a company to get in on “crowd-sourcing”–that is, letting the customer base help drive the direction and design of new products and services. There’s just one catch: If the crowd seizes on an idea it loves, it will pressure you to adopt it, even if the idea is costly and at odds with your own strategic thinking. After all, the crowd may know what it wants, but it isn’t running a cost-benefit analysis on your behalf. Consider Jellyfish, a Middleton, Wisconsin, social shopping website that runs a daily hourlong game-show-like session for bargain hunters. Jellyfish employees mix into the crowd to solicit suggestions. The most popular: Run the session 24-7. “We’ve been hit with hundreds of comments asking for it,” says Jellyfish CEO Brian Wiegand. “But it’s a radical request that requires building in more support, inventory, and scheduling complexity.” So far, the company has held off on committing to the idea. Indeed, one danger of focusing on what customers ask for in feedback is that a company might stop trying to come up with bright new ideas that its customers aren’t asking for. Apple’s (NASDAQ:AAPL) customers weren’t inundating it with requests for a hand-held music player when it came up with the iPod. “Companies that are overly customer-reactive can fail to think about the big picture,” says Brigham Young’s Rhoads. “You can’t ignore what customers are saying, but you don’t want to kill innovation by only responding to customers.” It would be nuts not to take advantage of the ability to gather as much customer feedback in a day as a company might have gotten in a year a decade ago. But good luck figuring out which feedback to act on, and which actions to take. In February, Dell (NASDAQ:DELL) put up a site to let the public post and vote on ideas for Dell computers. The company will adopt the popular suggestion to offer the Linux operating system, though it’s been costly to make that happen. Dell isn’t moving so fast on another customer request: PCs with cupholders. Contributing editor David H. Freedman is a Boston-based author of several books about business and technology.
Who doesn’t love the convenience of an in-house wireless network? You can tote your laptop to a colleague’s office, a conference room, even to the cafeteria — as long as those places are within range of your system’s signal — and still get your email, retrieve documents on company servers and even access the Internet. And who hasn’t heard about the headaches inherent with all that openness? A few complaints involve performance: For instance, most networks have some “cold spots” where the wireless signal is weak or non-existent. But for most businesses, the biggest concern is security. Or, more precisely, the lack of it. Like cell phones, wireless networks rely on radio waves; like cell phones, they’re simply more vulnerable to certain security problems than their wired counterparts are. While security standards have grown increasingly more stringent in recent years, corporate wireless networks remain vulnerable to a variety of threats. Among them: Computer viruses and worms. Hacker intrusions. Nearby outsiders who hop, uninvited, onto your network, using your signal to access the Internet for free. (A few years ago, I had a contract job at a struggling company that didn’t have its own wireless set-up, but its employees could easily piggyback onto a neighboring business’s unsecured wireless network. Nobody was interested in their host company’s data; they just wanted to surf the Web for free. And they did. Regularly.) Protecting your wireless network starts with an obvious step: Invest in a firewall, a virus-scanning program, and intrusion-detection software. Use them at their highest-security settings. Update them regularly — automatically, if possible. And make sure your IT team is using the most recent security protocols (usually expressed as some combination of the number 802.11, followed by a letter), which are more secure than earlier iterations. Beyond that, avoiding these common mistakes can help strengthen your network’s security, keeping your information safe and your employees productive: Using easily cracked passwords. Too many organizations use group passwords that a fifth-grader could figure out. Common ones include: The company name or a slight variation, (such as “WidgetCorp”), a logical sequence of letters and numbers (such as “abcde12345”), one number repeated multiple times (such as “777777777”) or the company’s main switchboard number or mailing address. Experts say some businesses never even bother to change the wireless network manufacturer’s default password — which a savvy crook can find almost as easily as that street address or phone number. You’ve heard it before, but it bears repeating: Opt for less-obvious passwords, both individually and as an organization. Don’t use names. Don’t use recognizable words — hackers typically have software programs that cycle through electronic dictionaries trying one possibility after another until they hit the right one. Use a seemingly random group of letters and numbers, but watch the length. If it’s more than about 10 characters, some people will write it down to remember it, possibly even posting it on or near their computers. That’s like putting a key to your house in an envelope marked “Key to the House” and leaving it right outside the front door. Leaving entry points vulnerable. Jonathan Hassell, an IT systems consultant based in Raleigh, N.C., says a wireless network’s weakest spots are the places where legitimate outside users can get into your systems. Those points — such as virtual private network (VPN) connections and remote-access servers — are also the places most likely to attract unwelcome visitors. Hassell, author of Hardening Windows (Apress, 2005) recommends having your IT team or a security specialist “harden” those points — that is, provide them with state-of-the-art protection against hackers, viruses and other external threats. And don’t forget that every computer on a network also serves as an access point. Encourage employees to turn off their machines whenever they’re not in use. Failing to set policies. The world’s best security measures won’t work if employees don’t cooperate. For instance: Wireless networks are so inexpensive and easy to use these days that in some growing companies, forward-thinking employees simply set up their own little networks for small-group collaboration. You need to consider whether such “private” networks are acceptable and, if so, determine whether they’re properly secured. It’s also important to establish rules about who can use your company’s main wireless network. For instance, do you want to provide visiting consultants and contractors with access? Finally, when you travel, pack the same precautions. Be especially careful about transmitting confidential information over a wireless network in a public place. Travel writer Christopher Elliott relates that while he was using a hotel’s wireless network, someone snagged his email account password and nearly succeeded in sending an obscene message to the 21,000 subscribers of his email newsletter. “It’s the last time I’ll send any sensitive data” wirelessly, Elliott wrote in describing the experience on a Microsoft-sponsored site for small businesses. Just as with cell phones, when you’re on a wireless connection in a public place, your best bet is to assume that somebody might be eavesdropping.
