Seated behind his desk in his office overlooking Sorrento Mesa, Jim Matteo ponders a paradox: Can a computer network ever be completely secure?
He offers the analogy of a bank. A bank can have a vault, it can havae armed guards, it can have special glass. Each step can take the institution closer to 100 percent security. However, security can never be a 100 percent proposition.
“It’s not a perfect world,” says Matteo, CEO of Bird Rock Systems.
Some say network security can only be achieved if a computer is severed from a network. However, by then, there is no network, hence no network security.
“The Internet is not a friendly place,” said Thomas Powell, a San Diego businessman and UC San Diego instructor, noting that a presence in cyberspace immediately makes someone neighbors with the Eastern European hacker community.
Indeed, there are hackers of unknown origin constantly trying to break into connected computers. They are opportunists who, in Powell’s words, jiggle the doorknobs as they walk down the street to find an unlocked door. There are also people on the lookout for something specific: trade secrets or credit card numbers or Social Security numbers.
Tips From the Experts
The San Diego Business Journal recently contacted several people who work on computer networks for a living, and asked them for tips on computer security, particularly for small to medium-sized businesses.
Take Inventory: Stephen Cobb, whose job title is “security evangelist” for antivirus maker ESET North America, says a firm ought to know what is on the network and who is on the network.
To get details on the first aspect, companies ought to compile an inventory of hardware and software. “It’s a good exercise to map your network,” he said, adding that it may turn up surprises, such as the revelation that employee Joe has unauthorized software running.
Knowing who is aboard is helpful too, Cobb said, noting that growing firms should take the step of handing out unique usernames and passwords. “As a company gets to be 10, 20, 30 employees, it gets more and more important,” he said.
Understand What You Are Trying to Protect: Different data call for different levels of security, noted Patrick Luce, director of consultative services at Vector Resources Inc. Both Luce and Vector are based in Torrance; Vector has a San Diego office.
Consult With a Specialist
For example, companies have a legal obligation to protect medical information under HIPAA, the federal Health Insurance Portability and Accountability Act. People dealing with this — or with credit card transactions, Social Security numbers or certain data related to public companies — would do well to consult with a security specialist, said Luce.