Hardly a week goes by without a news report about a stolen laptop or some other security breach. I guess a positive outcome of this news coverage is that it has made businesses and individuals more security conscious. Security is always going to be a balancing act. If your security policy gives you strong protection but is not practical or is difficult to understand, the risk is that staff won’t stick to it. Here are some simple steps to improve the security of your network:
o Implement secure passwords. At least 6 characters with a combination of upper and lower case plus special characters/numbers.
o Ensure passwords are changed in your business every month. This can be set as an automated prompt.
o Ensure you have adequate anti-virus protection and spam filtering.
o Ensure you have a firewall.
o Only allow remote access for people who need it, not everyone.
o Implement a laptop security policy and ensure staff are trained on it.
o Don’t share passwords within the business. There are still some businesses out there that have a book labelled “passwords” on full view in the open-plan office!
o Don’t let staff write their password reminders on a Post-It Note stuck to their computer.
o Don’t have a link for external access to your internal systems from your public website.
If you are running Microsoft Small Business Server you can implement secure fobs, like those used by some banks, so that in order to log in remotely you need to know the username/password and be in possession of the fob in order to input a random number. This is also available on other server types and systems.
Remember that one of the biggest threats to your security is from within your business.
Wireless is not a secure medium and should be treated as such. Where possible, implement the highest encryption practical. Firewall the wireless so that even if it is compromised, only your internet connection is compromised – not your internal systems.
Web surfing – common sense
Don’t click on links in emails asking you to log in to so-and-so bank, or indeed any site. If you believe it is a legitimate email, open up Internet Explorer, browse to the site directly and log in without clicking on any links within the email.
Pop-up boxes – if you get a pop-up box saying you need to update so-and-so anti-virus software and you have never heard of the software, just close it. Clicking on the links gets you to install malware. Another variation of the above is a pop-up saying you are infected with a virus and to click here to get protection, or similar. Don’t do it.
Social networking sites (Facebook, Bebo, MySpace etc)
I’m new to social networking sites but I have noticed that it is now possible for viruses and other malicious software to be spread via these sites. A user’s login is compromised and then their account is used to send malicious links via the internal email/notification system to all their contacts on that site.
Vigilance is important here and you should take the same precautions used for email, including never responding to unwanted messages and never posting personal information that could lead to identity theft. This includes your birthday in your personal profile. If you want to display it I suggest excluding your year of birth.