IT Security and You!
Did You Lock the Doors and Windows When You Left For Work This Morning?
Part 4: Tips for the Office
I will not say much on this, other than that you should have a policy in place that tells your employees what they can and cannot do on the network and with your data. You can get such policies from lots of places on the internet.
You cannot really have a go at staff if you have not given them guidelines.
Business Continuity Planning
Companies should always have a continuity plan in place that will be activated should there be a business disaster, such as a flood at your office that forces you to relocate. Belt and braces is my advice: have a good BCP and make sure it is written by someone with the right knowledge and experience. It can be written by a third party, but they must be able to fully familiarise themselves with your company and, depending on the nature of your business, sometimes your clients and their requirements. BCPs should be fully tested where possible. The internet is a valuable tool for finding out how to write a BCP, but I would advise caution…
Even the most experienced consultants make mistakes. Ever heard stories like this one? A large company had a huge generator on their roof that cut in automatically in the event of power failure. Unfortunately, starting the generator required mains electric; there had been a mistake in the specification. What a mistaka to maka!
In a worst-case scenario, you may not have access to your normal site at all; off-site backups etc. suddenly become the life and death of your BCP.
As I mentioned earlier in this article, backups are very important, especially in business. All I am saying here is that there are a few things backups should be:
- Done Regularly
- On Reliable Media
- Be Secured
- Some backups on-site with a copy off-site
- Must be tested regularly
  - Restore random files and check they work
  - Restore an entire backup to another machine
- Should be monitored for failures
- Be checked to make sure everything you need backed up is backed up, especially if users create new folders.
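The spot-check restore and the coverage check from the list above can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, and it assumes a manifest of file hashes is recorded when the backup is taken and that a sample restore has been written to a separate folder.

```python
import hashlib
import random
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_root: Path) -> dict[str, str]:
    """Run at backup time: map each file's relative path to its SHA-256."""
    return {
        p.relative_to(source_root).as_posix(): sha256_of(p)
        for p in sorted(source_root.rglob("*")) if p.is_file()
    }


def uncovered_folders(source_root: Path, manifest: dict[str, str]) -> list[str]:
    """Top-level folders that exist now but have no file in the manifest,
    e.g. a folder a user created after the backup job was set up."""
    covered = {rel.split("/", 1)[0] for rel in manifest if "/" in rel}
    return sorted(
        d.name for d in source_root.iterdir()
        if d.is_dir() and d.name not in covered
    )


def spot_check_restore(restore_root: Path, manifest: dict[str, str],
                       sample_size: int = 5, seed=None) -> dict[str, str]:
    """Pick random manifest entries and confirm each restored file exists
    and still matches the hash recorded at backup time."""
    rng = random.Random(seed)
    names = rng.sample(sorted(manifest), min(sample_size, len(manifest)))
    problems = {}
    for rel in names:
        restored = restore_root / rel
        if not restored.is_file():
            problems[rel] = "missing"
        elif sha256_of(restored) != manifest[rel]:
            problems[rel] = "corrupt"
    return problems
```

An empty result from `spot_check_restore` means every sampled file restored intact; any folder returned by `uncovered_folders` should be added to the backup job or consciously excluded.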
Virus Protection and Firewalls
All networks and PCs must be protected; security suites are available for everyone (note that there is much less choice for 64-bit PCs).
Some of these tools are expensive, especially on larger networks, but they work out a lot less expensive than the repercussions of an attack by hackers or the effects of an email or web-based virus etc.
I am only stating here that you need them and that they must be kept up to date, not which ones are best or how to use them.
Stop Data Going Walkies
Data can leave your network in many ways, some legitimate and some not. Prevent the data that is not legitimate from leaving as best you can; it is almost impossible to prevent employees breaching your trust and running off with data to competitors and the like. Always watch out for disgruntled employees as mentioned below.
- Make sure application access fits the user's job
- Do not enable USB ports unless you have to (Disable them)
- Make sure your IT staff know what they are doing, e.g. there is no point locking down everything on the PC and then leaving the cmd/Command prompt or Run command available.
- Disable or do not install CD/DVD Recorders
- Strictly control all data exporting/reporting tools
- Make sure senior staff do not share their passwords and user IDs
- Keep your network secure, WiFi with WEP, Virus Protection and Firewalls
In Summary
There are enough pointers in these articles to make for a more secure IT infrastructure and reduce stress by preventing some of the bad things that can happen both at home and work with IT.
If you are unsure or worried, do not have the IT knowledge or confidence to feel comfortable following the guidelines in this article, or generally just muddle through with IT, then I recommend you sit back and let a reputable and knowledgeable individual or company help you. Do not just get worried and sweep it under the carpet: act, and act now. It is for your own and your company’s good.
I hear a lot of people in companies whinging about their IT departments or ‘IT bod’. If they truly are that bad at getting things sorted, then have your system checked out by a professional; there are lots of us out there. Let them put your mind at rest, or recommend changes and training for your IT.
Lastly, not entirely regarding security, but more a general comment for businesses...
If your business has to work around your IT department and the procedures put in place by your software and how it works, yet you want to work in another, better way, which your competitors may already be doing, something is wrong and it may be time to get someone to advise you.
David Baldwin is the Managing Director of Working Pulse Ltd (http://www.workingpulse.co.uk)
David designed and created SME Guild, the business community (http://www.smeguild.com), so all businesses (self-employed to large SMEs) could benefit from each other’s experience, find business contacts, new suppliers, networking opportunities, buy and sell online and much, much more!