Like our cars, many of us take our computer systems and networks for granted. Once they are installed and working, we tend to forget about scheduled maintenance and security.
Since most of the services that our companies require are on the Internet, we are forced to get access to stay current with technology. When on the Internet, there is no such thing as being 100 percent secure but if you take the proper precautions and keep your safeguards up-to-date, you will be less vulnerable to viruses and other attacks.
You should always have a firewall, an anti-virus protection program, keep all of your software up-to-date, and never open an email that has an attachment which you are not expecting. It is easy for a virus to exploit email clients by adding malicious code inside email that will automatically run if you open or preview the attachment. Most viruses are network aware, so adding a firewall device will block virus attacks from the Internet. Use passwords to protect your shared network and resources. Keep your software and operating system up-to-date, and this will minimize the known vulnerabilities and security exploits on your network. Anti-virus protection (if kept up-to-date) will catch viruses that have gotten through other layers of protection. Negligence in these areas can be detrimental to your business if your customer credit cards are stolen or your bookkeeping records are destroyed. Don’t risk your livelihood by doing nothing when it is easy to protect yourself.
Biggest Threats
Internet access without a firewall: A firewall is a device that helps control and or block network traffic. Networks without a firewall share the same resources with the Internet as they share with the local network computers.
Inadequate anti-virus protection: Some fail to keep the protection up to date while others ignore the risk until it is too late, losing money, and irreplaceable data. Even if there are current backups, there is a high probability the backup was infected.
Security policies: Not enforcing a security policy is like not having one at all. Make sure there are policies covering Internet usage, installing third party software, and email usage, etc. Knowledge is the most powerful tool in securing your network.
Software updates: Always keep your operating systems and software up-to-date. When a security bug is reported, most companies have a patch or a hot fix (software or operating system update) ready to download to repair your system.
Disaster Recovery Plan (DRP):
Internet access without a firewall is like welding on a half full gas tank without goggles. Every time you connect, you are looking into the face of disaster while not seeing how dangerous the situation is. You also open yourself up for anyone and everyone to view/edit/delete the contents of your system. This includes financial records, customer databases, and personal information.
Inadequate anti-virus protection is as bad as not having virus protection at all. If the anti-virus software is not up to date, you are not protecting yourself from new viruses (10-20 new viruses or variants are created every day). Anti-virus companies usually have updated virus definitions (software updates) 24 hours after a spreading virus is discovered.
Security policies are the crux of every business information system. Unfortunately, most people do not realize the importance of having security policies in place. These policies let employees know what is expected of them and what penalties may be enforced from non-compliance. There are increasing cases of legal issues arising from companies being infected by viruses and cyber thieves, who then use the infected network to attack other target organizations or systems. The end victims are now starting to sue the unprotected network owner by reason of downstream liability. Security policies that are in place and enforced minimize the potential liability Software updates are available to fix bugs and security holes that are in your current software or Operating System (OS). However, there are times that these updates open up new security holes that viruses and cyber criminals can exploit. These vulnerabilities are usually patched up soon after the exploit is discovered. This is why frequent checking for updates on a scheduled basis is good policy.
DRPs are important because they give employees direction for when something goes wrong. A DRP should contain easy-to-access contact information for parties that are needed for a speedy recovery. Contact information should include parties such as:
Internet Service Provider
Business Management Service provider
Computer/network technician
Power Company
Telephone Company
Company managers
The owner.
IT should also contain a “To do” list for when certain situations happen. For example here are the steps you should follow to safeguard your computer equipment in case of a power failure.
Save work and shut down systems before battery backups shut down.
Backup current data.
Properly shut down all computer/network equipment including switches/routers.
Using an analog phone or cell phone, call the power company at a predetermined number easily located.
In the case of a network failure:
Backup data if possible and proceed until the issue is resolved.
Restart local computer.
If not localized to the one system, restart server.
Shut down entire network including all switches for 5 minutes.
Turn switch on.
Turn server on and log on.
Turn on computers/workstations/printers
Call your predetermined computer/network technician.
More detailed information can be found at www.securitydocs.com/
go/2397.
Jeremy Martin is the Director of Communication for PLUSS Corp., a business management service provider for the automotive and heavy duty trucking industries, and holds the computer industry’s top security certification, the CISSP. [email protected]