Lack secure computers? Kelley students can help
11/27/2006 (Kelley Indianapolis)
Most entrepreneurs wouldn't close up shop for the evening without emptying the cash register, locking windows and doors, and turning on the alarm system. Yet many leave themselves open to theft and vandalism by failing to secure their computer systems.
"Most small businesses give little -- if any -- attention to cybersecurity threats," said Roger Cochetti, group director for U.S. public policy for the Computing Technology Industry Association.
Cochetti said small businesses are more susceptible to attacks by hackers, criminals and terrorists than major corporations, which have more money and staff dedicated to information security.
"If you're a bad guy and you're looking for an easy target, you're going to look toward a small business," he said. "You'll be able to get in and get out fast. Many small businesses don't know they've been attacked until long after it's happened."
The Kelley School of Business at Indiana University-Purdue University Indianapolis is launching a program to help local entrepreneurs avoid this fate by providing free cybersecurity consulting.
The university will match graduate and undergraduate students pursuing accounting and computer information systems degrees with businesses to review information security plans or help draft plans.
Students will offer advice about acceptable Internet use, anti-virus policies, database security, e-mail use, server security and more.
"This project will give the students some practical, hands-on experience," said Kelley professor Eric Johnson, who is leading the project. "The idea is to provide a learning experience for the student and a valuable take-away for the company."
Johnson is looking for 10 companies to participate in the project, which runs from mid-January through April. Interested companies or nonprofit organizations should contact him at erijohns@iu.edu or (317) 274-5695.
"This will not cost the companies anything," Johnson said. "Their deliverable is an IT security report. They need to understand that it is drafted by a student. It is offered as a volunteer, high-level executive- summary-type review. Some organizations don't even know what their information security problems are. The students will give them a punch list to get started."
The project is part of a broader effort by IU's Kelley School to partner with local small businesses. Dubbed the Main Street Institute, the effort involves Kelley School professors providing educational seminars and workshops through the Greater Indianapolis Chamber of Commerce.
"The majority of our students . . . stay in this area," said Mary Chappell, director of external affairs for the Kelley School at IUPUI. "We hope we are providing even more job opportunities. That's the piece we feel is really important in involving the students in this information security initiative."
The first company to sign up for the program is Lauth Property Group, an Indianapolis-based commercial real estate developer.
"We were in the process of investigating firms to come in and do our annual security audit anyway, and we thought this would be a good way to get involved with Kelley," said Jeffrey Ton, vice president of enterprise processes, information and technology at Lauth.
"We'll get our information security policies reviewed, renewed and get the current best practices applied. We'll get a lot of benefit out of it," Ton said.
Lauth has 18 people on its information technology staff, and they support a network connecting 450 personal computers at offices and construction sites around the country. Ton said he hopes to build a relationship with the Kelley School.
"We want to talk to Kelley about getting interns or entry-level students in the information technology department," Ton said.
Most small businesses need to improve data security, experts say.
Half of the nation's small businesses do not have written cybersecurity policies and have no plans to provide information security training to computer users, according to a March 2006 survey by the Computing Technology Industry Association.
By failing to enforce information security policies, companies leave themselves open to lawsuits.
"There's a growing body of law . . . that creates liability on a small business whose data is breached because the small business wasn't paying attention," Cochetti said. "There are increasingly compelling reasons for small businesses to pay attention to cybersecurity."
