As appealing as it is to just "buy" security, even the very best security suites cannot cover every eventuality. Vigilance on the part of you and your staff is a must. Here's a quick ten-step guide that, together with good security software, should keep your business safe from criminals and accidents.
1. Educate your staff
The vast majority of successful attacks are not the result of some elite hacker slipping past your computer's firewall. They succeed because a human was duped into doing something they shouldn't have: an email promising a fun game or a picture of a naked celebrity, if only they click this link or open this file; or a message that appears to come from their bank, telling them to go to a specific website and enter their username and password.
Education is the hardest part of getting security right, but it is essential. Here are three quick, easy-to-remember rules that will nullify a huge chunk of internet risk:
- Never, ever open an executable file received in an email, even from someone you know. Files with .exe, .vbs or .bat extensions are the obvious cases, but Windows hides known file extensions by default, so an attachment named invoice.pdf.exe can display as invoice.pdf. When in doubt, don't open it.
- Never respond to or act on an email request that would require you to give up confidential information. That includes emails that direct you to a website to enter it: reach your bank's site by typing the address yourself or using your own bookmark, never via a link in the message.
- Never install new software on a work system (or a personal system that you connect to the office network) without approval. "Fun" applications, such as small games, screensavers, emoticon packs and desktop enhancers, are among the worst carriers of malware and should be avoided.
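The first rule is easy to state but harder to apply mechanically, because the dangerous extension is often not the one the user sees. The following is an added example (not code from the booklet) of the check a mail filter or help-desk script can run on attachment names: it looks at every dotted suffix, so a double extension such as invoice.pdf.exe is caught, and it flags the Unicode right-to-left override trick that makes photo‮gnp.exe display as photoexe.png. The extension lists and the sample attachment names are constructed for illustration.

```python
import os
from typing import NamedTuple

# Extensions Windows will run directly when double-clicked. Assumed list for
# illustration; extend it to match your own mail filter's policy.
EXECUTABLE_EXTS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".ps1", ".msi", ".hta", ".cpl", ".lnk",
}
# Archives are not executed, but they are the usual wrapper for the files above.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso"}

# Constructed sample attachment names (not real mail traffic).
SAMPLE_ATTACHMENTS = [
    "quarterly_report.pdf",
    "funny_game.exe",
    "invoice.pdf.exe",
    "holiday.jpg.scr",
    "photos.zip",
    "UPDATE.BAT",
    "photo\u202egnp.exe",
]


class Verdict(NamedTuple):
    block: bool
    reason: str


def all_extensions(filename: str) -> list:
    """Return every dotted suffix, lower-cased: 'invoice.pdf.exe' -> ['.pdf', '.exe']."""
    name = os.path.basename(filename.replace("\\", "/")).strip()
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def classify_attachment(filename: str) -> Verdict:
    """Decide whether an attachment name points at something Windows would execute."""
    # U+202E reverses the display of what follows it, hiding the real extension.
    if "\u202e" in filename:
        return Verdict(True, "right-to-left override character hides the real extension")
    exts = all_extensions(filename)
    if not exts:
        return Verdict(False, "no extension")
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        if len(exts) > 1:
            return Verdict(True, f"executable {last} disguised as {exts[-2]} (double extension)")
        return Verdict(True, f"executable {last}")
    if last in ARCHIVE_EXTS:
        return Verdict(False, f"archive {last}: inspect the contents before opening")
    return Verdict(False, f"document {last}")


def triage(names) -> dict:
    """Map each attachment name to its verdict; the blocked ones go to quarantine."""
    return {name: classify_attachment(name) for name in names}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{'BLOCK' if verdict.block else 'allow':5}  {name!r}: {verdict.reason}")
```

The check is deliberately name-based: it is the rule the staff member is being asked to apply, automated. A real filter should also look at the file's content (magic bytes) and inside archives, since a renamed executable defeats any extension test.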
2. Use good passwords
People hate them, but random strings of letters and numbers make far better passwords than dictionary words, dates or names. The reason is that attackers run "dictionary attacks": automated tools that try every word in a word list, plus common variations such as capitalising the first letter, swapping letters for digits or appending a year, against the account. "Grapevine" is a poor password; a random string such as "8kgye3df" is much better, and a longer random string is better still. Use a different password for each system, because a password stolen from one site is otherwise tried against all of your accounts.
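To make the dictionary-attack argument concrete, here is an added example (not from the booklet) of a password check that thinks the way a cracker's rule set does: it strips appended digits and punctuation and undoes common letter-for-digit substitutions before looking the result up in a word list, so Gr4pevine2024 is rejected as firmly as Grapevine. It also estimates the guessing work in bits, treating a word-list hit as worth only the size of the list rather than the brute-force figure its length would suggest. The word list is a tiny constructed stand-in for the multi-million-entry lists crackers actually use, and the 12-character minimum and 60-bit threshold are assumed policy values, not figures from the booklet.

```python
import math
import secrets
import string

# Constructed stand-in for a cracker's word list (real ones hold millions of
# entries drawn from dictionaries and leaked password dumps).
WORDLIST = {"grapevine", "password", "welcome", "summer", "letmein", "company", "dragon"}

# Undo the substitutions a cracking rule set tries: 4->a, 3->e, 0->o, 1->i, 5->s, $->s, @->a.
_LEET = str.maketrans("43015$@", "aeoissa")


def candidate_bases(pw: str) -> set:
    """Strip the decorations crackers try first and return the possible base words."""
    low = pw.lower()
    stripped = low.rstrip(string.digits + string.punctuation).lstrip(string.punctuation)
    forms = {low, stripped, low.translate(_LEET), stripped.translate(_LEET)}
    return {f for f in forms if f}


def in_wordlist(pw: str, words=WORDLIST) -> bool:
    """True if the password, or a simple variation of it, is on the word list."""
    return any(base in words for base in candidate_bases(pw))


def charset_size(pw: str) -> int:
    """Size of the smallest conventional alphabet that contains every character used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def estimated_bits(pw: str, words=WORDLIST) -> float:
    """Guessing work in bits. A word-list hit costs log2(list size * rules tried),
    however long the password looks; anything else gets the brute-force estimate."""
    if in_wordlist(pw, words):
        rules = 4  # the four forms candidate_bases() tries
        return math.log2(len(words) * rules)
    return len(pw) * math.log2(charset_size(pw))


def check_password(pw: str, min_length: int = 12, min_bits: float = 60.0) -> tuple:
    """Return (accepted, reason). Thresholds are assumed policy values."""
    if in_wordlist(pw):
        return (False, "dictionary word or a simple variation of one")
    if len(pw) < min_length:
        return (False, f"shorter than {min_length} characters")
    bits = estimated_bits(pw)
    if bits < min_bits:
        return (False, f"only {bits:.0f} bits of guessing work")
    return (True, f"{bits:.0f} bits of guessing work")


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG; letters and digits only so it can be read out aloud."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("Grapevine", "Gr4pevine2024", "P@ssw0rd!", "8kgye3df", generate_password()):
        print(f"{candidate!r:22} {check_password(candidate)}")
```

Note that the booklet's own example, 8kgye3df, passes the dictionary test but fails the assumed 12-character minimum: eight random characters from a 36-symbol alphabet give about 41 bits, which is fine against online guessing but not against an offline attack on a stolen password hash. The generator uses the secrets module rather than random, which is not suitable for anything security-related.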
It's also imperative that the default passwords on purchased hardware are changed. Default administrator usernames and passwords are printed in the manual and collected in public lists, so a wireless access point left with its factory credentials is extremely vulnerable and could be used as a way into your entire network.
3. Turn on wireless security
Many wireless access points and routers are, unfortunately, shipped with wireless networking turned on but security turned off. Check your router manual and turn on WPA2 (or WPA3, where the hardware supports it) with a long, random passphrase. Do not rely on WEP, which is trivially broken, or on the original WPA with TKIP, which is deprecated. Without encryption, anybody in range can join your wireless network, slipping in behind your router's firewall.
4. Create user accounts (with passwords)
Every major operating system can give different users different levels of authority over the system. In Windows (Vista and later), for example, you can create Standard User accounts that cannot install software; day-to-day work should be done from such an account, with the administrator account reserved for installing and configuring things. This stops a user from unintentionally (or intentionally) installing viruses or spyware, and limits what any malware that does get in can do. Every account on every PC should be password protected, and the Guest account should be disabled.
5. Remove unused software
Unused software and services should be uninstalled or disabled on company computers. Most PCs do not need file and printer sharing switched on, although many ship with it enabled. When an employee leaves, disable their accounts the same day, including remote access, email and any online services they used, and remove the accounts once any data they owned has been reassigned. Old user accounts are a common way for ex-employees to get back into your systems.
6. Dispose of old computers securely
If you are going to throw a computer out or sell it, formatting the hard drive is not enough: a quick format only removes the file-system index, and the data can be recovered with freely available tools. Overwrite the whole drive with a secure-erase tool, or physically destroy it. The same goes for USB drives and the storage in old phones.
7. Keep software up to date
All office computers, and any personal computers that attach to the office network, should be kept fully up to date. On Windows, Automatic Updates should be turned on, and the PCs should be checked periodically to confirm that updates are actually being installed. The web browser, its plug-ins and the office suite need updating as much as the operating system: new vulnerabilities are found in all of them all the time, and constant vigilance is required to keep them secure.
8. Create backups
This seems obvious, but too few companies do it, and those that do often keep their backups onsite, where a fire, flood or burglary takes the backup along with the originals. Important documents should be backed up regularly, at least once a week and more often if they are critical, with a copy kept offsite. External hard drives are a convenient way to do this, but the physical security of that drive then becomes very important. Finally, a backup you have never restored from is not a backup: test a restore periodically.
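The last point, that an unverified backup is not a backup, is worth automating. The following is an added example (not code from the booklet) of a simple backup routine that copies a folder to a destination such as an external drive, writes a manifest of SHA-256 digests alongside it, and then re-hashes the copy against the manifest so silent corruption or a missing file is reported rather than discovered on the day you need the data. The demo() function builds a constructed sample folder in a temporary directory, backs it up, verifies it, damages one file and verifies again; the folder names and file contents are illustrative.

```python
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST_NAME = "MANIFEST.json"


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src_dir: str, dest_dir: str) -> dict:
    """Copy src_dir into dest_dir and write a manifest mapping relative path -> SHA-256."""
    manifest = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, src_dir)
            dst = os.path.join(dest_dir, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)          # copy2 keeps timestamps, useful for audits
            manifest[rel] = sha256_file(src)  # hash the original, not the copy
    with open(os.path.join(dest_dir, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify(dest_dir: str) -> list:
    """Re-hash every file in the backup against its manifest; return a list of problems."""
    with open(os.path.join(dest_dir, MANIFEST_NAME)) as f:
        manifest = json.load(f)
    problems = []
    for rel, digest in manifest.items():
        path = os.path.join(dest_dir, rel)
        if not os.path.exists(path):
            problems.append(f"missing: {rel}")
        elif sha256_file(path) != digest:
            problems.append(f"corrupt: {rel}")
    return problems


def demo() -> tuple:
    """Constructed sample: back up two files, verify, corrupt one, verify again."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "documents")
        dest = os.path.join(work, "external_drive", "backup-week1")
        os.makedirs(os.path.join(src, "accounts"))
        with open(os.path.join(src, "accounts", "ledger.csv"), "w") as f:
            f.write("date,amount\n2024-01-02,100\n")
        with open(os.path.join(src, "contracts.txt"), "w") as f:
            f.write("constructed sample contract text\n")
        manifest = backup(src, dest)
        clean = verify(dest)
        with open(os.path.join(dest, "contracts.txt"), "ab") as f:
            f.write(b"bit rot")          # simulate media corruption
        damaged = verify(dest)
        return len(manifest), clean, damaged


if __name__ == "__main__":
    count, clean, damaged = demo()
    print(f"{count} files backed up; problems before damage: {clean}; after: {damaged}")
```

The manifest is stored with the backup, so anyone with the drive can also verify it; keep a second copy of the manifest elsewhere if you need to detect a tampered backup rather than just a corrupted one. Encrypting the backup (step 9) is a separate concern and sits on top of this.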
9. Encrypt important files
Important files should be encrypted using one of the tools mentioned earlier in this booklet, especially if they are taken offsite on a notebook, phone or USB thumb drive. Encrypted files can only be read by someone who has the password or key, so even if the device is lost or stolen the data cannot be used against you. Two caveats: the protection is only as strong as the password you choose (see step 2), and the password or key must never be stored alongside the encrypted data. On laptops, full-disk encryption covers everything at once, including temporary files and caches that file-by-file encryption misses.
10. Have insurance
Insurance against the financial consequences of data loss and theft is available, but because such losses are hard to quantify, read any policy in detail: check which events are covered, what is excluded, and what precautions (such as the steps above) the insurer expects you to have taken. Companies have been wiped out because they misread their insurance policies.