Employees of large companies often whinge about the constraints placed upon them by their IT departments. These contraints normally centre around security best practice.

Small businesses do not typically have the same disciplines. Timico recently performed a security audit at the request of one of it’s customers. The results were very revealing.

• Poor/outdated wireless security – use of WEP instead of WPA. It takes less than 5 minutes to crack a WEP key – a bit longer if the network uses MAC address security.
• No hard disk encryption or password protection on BIOS of laptops –  the stolen laptop test.
• Use of outdated VPN client allowed decryption of IPSEC tunnel passwords.
• Multiple equipments with default username and passwords.

Timico identified over ten major security faults at the customer’s premises. In fact this business was wide open. A malicious person could have sat in a car outside the office building, hacked into the network, accessed their important server information and disabled their network before leaving. These people do exist.

The fixes were relatively quick to implement in most cases. It’s just a question of discipline, with a little help from Timico. . .