Here a few top tips to help you protect your assets. Always keep regular checks on what the latest threats are and solutions for those.
IT Security
Virus Protection
- Use a reputable virus scan software and don't be fooled by pop ups that say 'your computer is infected, click this balloon'. Here are some good places to start.
ZoneAlarm
McAfee
Symantec
- Have the software running in the background and enable automatic updates online.
- Don't open suspicious email attachments. A quick mail or phone call to check from a sender you know is worth it. If you don't know the sender delete first, ask questions later. Check Symantec and Sophos which list the latest threats.
- Block Spam. You have no idea how many spammers will find you. Don't bounce mail back to them, unsubscribe or reply to them because this often just validates it is a used email account. Microsoft Outlook has a tool or get a proprietary spam blocker from
Symantec
Sophos
Mcafee
- Set up a good firewall. The windows one may not be adequate. A firewall should not only block unknown incoming visitors, it needs to block any unknown outgoings as well. If an unwanted does hitchhike in it can send out information. You can get a software firewall from the companies previously mentioned, or a hardware firewall, which is integrated, into the modem.
Keep Software Up-To-Date
New threats are being made every day. Sophisticated blocking mechanisms lead to technology that is more sophisticated to break it. Sign up for Microsoft automatic updates. Check
windowsupdate and
officeupdate to be sure.
Passwords
For goodness sake, use an original password, nothing remotely personal to you, or you family and pets. Do not use the words admin or password. Half the organizations in the UK probably use those. Be random with letters and numbers.
Once again, do not use:
- Your real name, system username, or company name.
- No members of the family, pets, anything familiar to you that people readily know, e.g. favorite football team that is plastered all over your desk, a make of car you have on your belt buckle, birthdates or address numbers.
- Nothing written on a scrap of paper next to your computer.
- Any password known by someone.
- Obvious alterations like janie1, janie2, janie3
Do Use:
- Passwords you change every few months.
- At least seven characters
- A combination of letters and numbers, symbols if the system allows.
- A password you can remember!
Connect Remote Users securely
Use encryption and authentication technologies when users need to connect remotely. Take advice from your supplier.
Lock Down Wireless Networks
When taking advice from your supplier specifically enquire about using access points and not ad-hoc peer-to-peer (P2P). Also ask about restricting wireless access to office hours.
Back-up Your Data
It cannot be stressed enough to back up data regularly and keep it off-site. Computer crashes do happen. Use DVD's or external hard drives to store data. There are online back-up providers to consider. Check out
QuantaBackup.
Physical Security of Data
- All available means should be used to protect unauthorized access to office computers; locks, alarms, lockable cabinets, asset tagging, and supervise al visitors at all times.
- Have serial number logs for all equipment.
- Review persons with access to sensitive areas, and review those sensitive areas routinely.
- Lock doors securely, always set alarms, and perform tests on them regularly.
- Never leave sensitive documents on desks or printers.
- Make sure all staff are aware and follow these safety steps.
Be Extra Careful With Laptops
- Always have a laptop carry bag and keep it with you at all times, including during travel.
- Cable locks are a good idea; physically lock the laptop to fixed equipment when not in use in an office.
- Record the serial number.
- Use a security mark.
- When possible use a BIOS password, and disable booting from a CD or a floppy disc. (Manual will have instructions).
- Secure confidential files with Microsoft's encrypted system. This adds difficulty for unauthorized users to open files.