Computer Security Basics for Protecting Your Company
In today’s world there are constant threats to your infrastructure, your information and your employees' personal data. Social engineering, sophisticated hacking attacks, and phishing emails are all methods employed by criminals trying to get your information. A successful attack on your company could have serious and long-lasting consequences. So, what are the best ways to protect yourself and your company? Over the next few weeks we will cover the most basic techniques to keep them secure.
Choosing a Secure Password
A strong password for every user is a good first line of defense. Choosing a poor or obvious password (like "password") is a common mistake a lot of users make. People often use passwords that are easy to remember, such as their address or their child’s name. If a password is easy to remember, it is probably easy to guess, especially with the proliferation of social media outlets today. How many times has an end user posted a Facebook status saying their dog Happy ate the couch again? So, using "Happy" or any of your pets' names would be a bad password choice. In addition, users should try to avoid using obvious patterns, such as an exclamation point in place of an I or a 1. All of these poor password choices can be easily avoided by following simple password guidelines:
Should be a minimum of eight characters long.
Should not contain your user name, real name, or company name.
Is completely different from any current or past passwords used for this or any other account.
Contains a combination of uppercase/lowercase letters.
Contains a number.
Contains a symbol (@, %, #, >).
Every company should have a password policy similar to the guidelines above. This will help users select appropriate and secure passwords. Once a secure password is in place, you also want to make sure it is set to expire at some point. The longer you go without changing a password, the less secure it becomes. Some common password expiration lengths are 60 days, 90 days, and 6 months. Remember when choosing password guidelines and an expiration period that passwords are your first line of defense against attacks.
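The guidelines above can be enforced when a password is set. The following is an added example, not part of the original article: a Python checker that also undoes the obvious character swaps mentioned earlier before looking for names. The function names, the substitution table and the sample names are assumptions; the history check catches exact reuse only and cannot see passwords used on other accounts.

```python
import hashlib
import hmac
import os
import re

# Obvious swaps ("!" for I or 1, "@" for a, ...) undone before comparison.
SUBSTITUTIONS = str.maketrans("!1|@4$5037", "iiiaassoet")
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware

def normalize(text):
    """Lower-case and undo obvious swaps so 'H@ppy' matches 'happy'."""
    return text.lower().translate(SUBSTITUTIONS)

def hash_password(password, salt=None):
    """Salted hash, so password history is never kept in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def check_password(password, banned_words, history):
    """Return guideline violations; an empty list means the password passes.

    banned_words: user name, real name, company name, pet names, ...
    history: (salt, digest) pairs for current and past passwords.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    plain = normalize(password)
    for word in banned_words:
        if len(word) >= 3 and normalize(word) in plain:
            problems.append(f"contains '{word}'")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs uppercase and lowercase letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs a symbol")
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("reuses a current or past password")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample: user "jdoe" at "ExampleCo" whose dog is named Happy.
    print(check_password("H@ppy2024!", ["jdoe", "ExampleCo", "Happy"], []))
```

A password such as "H@ppy2024!" meets the length, case, number and symbol rules, yet is still rejected here because it contains the pet's name once the "@" is read as an "a".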
This is a fairly basic principle every company should have. If you walk away from your computer, you should lock it. People step away from their computers for longer than planned or forget to lock them before walking away. Prevent this problem by enabling password protection (or auto-lock) to lock the computer after a specified period of inactivity. These policies can be set up quickly and simply on a domain controller or individually on each machine. Enabling password protection is different for each operating system; however, a user can manually lock their computer by:
AntiVirus and Mail Filtering
This may seem obvious; however, many users, if given the incorrect rights, will uninstall antivirus for various reasons or excuses. It is never acceptable for a machine to be without antivirus. This is part of the "layered security" concept. Antivirus backs up any other security measures you already have in place. If one of your other security measures misses a threat, the idea is that your antivirus will block it before any harm is done.
Mail filtering is more of a preventative measure than a defensive one. The goal of mail filtering is to catch and stop any harmful email containing viruses or other bad attachments before it is delivered. Thousands of viruses are stopped every day by this simple measure.
End User Awareness
All of the measures we have discussed today have to do with end users and their computers. End users are one of the weakest links in the security layer. It is important to educate them so they can make good decisions to protect their computers, the company, and important information. A few things to discuss with them are:
The reasons it is critical they choose good secure passwords and the importance of changing them every so often.
If a policy is in place, remind them of it frequently.
Make sure they don’t overlook little steps. For example, they should never write their passwords down or keep them near the computer.
Make sure the users know about antivirus and what should be installed, so if by chance they receive a pop-up for Norton when your company uses McAfee, they won’t click on a potentially harmful link.
Tell them to refrain from opening suspicious email, whether or not they know the sender.
Remind them no company, bank, or tech support department will ever ask them for personal information (username, password, social security number, etc.).
Don’t click a link or an attachment that does not look reputable.
In the second part of this series we will discuss the other basics for keeping your company’s information safe and your infrastructure protected, and explore the most common method used to steal identities and other information: Social Engineering.
Follow the author Amanda Lewis, Service Coordinator for LimeLeap, on Twitter: @Tiny_Techie