
Protection Secrets

  • By Mark Gordon
  • 9:50 p.m. July 23, 2009

Sarasota entrepreneur Asim Chauhan sought a top-notch computer security expert when launching his new data protection firm in late 2007.

He met that goal by literally going to the source: He hired Gary Bahadur, who built an $80 million computer systems protection firm by first learning how to break into a database.
Bahadur is now chief executive of Sarasota-based KRAA Security, a firm with a niche in assisting health care and financial companies in meeting new and ever-changing computer and network security requirements. KRAA also works with clients on setting up a moat around a computer network, including firewall management and what's known in the industry as intrusion protection — a term for keeping hackers out of a system.

Proper network security is essential to a company's short- and long-term viability, Bahadur says, yet too many small businesses treat it like just another expenditure. “Most people don't understand the difference between IT management and security management,” adds Chauhan, who also runs Sarasota-based Infosun, which provides technology-consulting services to insurance and other financial service companies.

It's a challenge others in the industry have discovered, such as John Jorgensen, who runs the Sarasota-based Sylint Group, which also works in the computer data protection field.

Bahadur co-founded Foundstone Inc., a computer security firm that grew to five offices in the U.S. and one in Singapore. The company was sold to systems protection giant McAfee for $86 million in 2004. Bahadur later developed systems protection programs for Ernst & Young.

Bahadur recently shared some of his company's computer protection secrets. Some highlights of Bahadur's must-dos:

• Use a firewall: In addition to a corporate firewall, a good personal firewall will help defend your system, Bahadur says, especially if it has the capability to monitor outbound traffic or stop unknown programs from being run or installed.

• Run updated anti-virus: Sounds obvious, says Bahadur, “but you would be amazed at how out of date most companies keep their antivirus.”

• Install patches: Keep your systems patched because many worms, viruses, and malware take advantage of unpatched system vulnerabilities. Almost all companies are out of date on patch management, he says.

• Web site security: Conduct a web application security assessment at least twice a year.

• Security architecture review: “If your network architecture has holes in it,” says Bahadur, “a hacker can find a way around the applications, firewalls [and] your antivirus.”

• Database security: Make sure data is encrypted, access is completely authenticated and inappropriate access is blocked.

• Encryption: Encrypt mobile devices using whole-disk encryption or, at a minimum, encrypt your data folders.

• User education: “An uneducated user is most likely to find a way around 'inconvenient' security steps,” says Bahadur. A key to good protection, therefore, is to teach employees why security is necessary.

• Protect the browser: This protection phase is often overlooked, says Bahadur. But he says it should be treated like operating systems and other files, in terms of antivirus protection and firewalls.

• No porn surfing: While it sounds funny, if not obvious, Bahadur says blocking access to non-work sites is a key component of a good protection system. “Don't go to sites you don't trust,” Bahadur says, “because such sites will attempt to have you install malicious spyware and malware on your computer and compromise your security.”

