Security Cheat-Sheet
Posted by Brian Gallutia on Jan 5, 2009
Following is an excerpt from PCS’s latest newsletter on January 5th, 2009. The list below is a quick collection of points that PCS feels every small business should address when doing business online:
- Implement a firewall that can filter web traffic, detect viruses, hinder spyware infections and offer reporting
Any “hole” on your network used to conduct business (e-mail, instant messaging, web surfing, etc.) needs to be safeguarded against attack. PCS offers the Untangle platform to safeguard our customers against outside (and inside) network attacks, and a sophisticated level of reporting is also available that can provide an audit trail to help prevent future incursions. If PCS isn’t your technology management company, get with one to make sure that you are protected as much as possible with a firewall or network gateway.
- The largest security holes in any network are the people that use it
PCS could put your network behind 100 firewalls, 200 spyware and anti-virus programs, and 1 moat with crocodiles, and if someone on your network decides to open the door and let something through, then all of that security is pointless if it isn’t managed properly. The philosophy to follow here is to limit where people can go and what people can do on your network, and to make it as hard as possible for your users to infect themselves.
- Examine and formalize company policies and procedures relating to computing environment
Outside of restricting certain types of usage on your company’s network from an administrative standpoint, it would be a good idea to implement policies and procedures relating to network and Internet usage for employees. Formalized policies ensure that everyone in your organization knows what to look for in case of a network compromise and that the employee understands his/her liability if network security has been breached.
- Examine and formalize company policies and procedures relating to banking and money handling
As a business owner, make sure that you know who has control of the company’s money and make sure you know what’s happening with your company’s money on a regular basis. Contact your bank regarding the conditions that must be met in order to allow account transfers, perform withdrawals and stage wire transfers.
- Network Management
When PCS started operations in ’96, we were a break-fix company, which meant that we didn’t hear from our customers until they had a network problem that needed to be addressed. Within the past four years, PCS changed its focus to being a technology management company, where we make our money by ensuring the customer is NOT having problems and is operating smoothly and efficiently. It is imperative that you find a technology company that is not only vested in the success of your business, but also cares enough to go the extra mile and ensure that when problems do arise they will be tended to quickly and professionally.
- Monthly, Bi-monthly or Quarterly Network Audits
PCS has tools available that allow us to make sure that a network is both secure and operating in ways that best suit the needs of your company. Auditing allows PCS to “see problems before they happen” and to hopefully curb any user behaviors that could have a negative impact on your computing environment.
- Backup Backup Backup …and backup backup backup…and backup.
Did we make our point here? In computing, “if” doesn’t exist – “if” is always “when.” “If my hard drive fails…” “If I accidentally delete my files…” “If I lose my email…” are not accurate statements. “When my hard drive fails…” “When I accidentally delete my files…” and “When I lose my email” are computing inevitabilities. The name of the game is to limit exposure to these “whens”, and backing up critical data is key to minimizing risks.
Consult with PCS or your favorite IT professional today and review your company’s data backups. Make sure that the backups are being monitored. Test the backups to ensure that the critical data that you need is being backed up to reliable media.
As an added level of security, have an off-site backup plan in place and operational. When consulting with customers on off-site data backup, I always ask “If your business was hit by a comet today, what data would you need in order to start over again tomorrow?”
- Review Insurance Policies
Murphy’s Law applies to us all, and in computing, you can multiply its likelihood by a factor of 5 (don’t call me out on this – the math is accurate). Even though the name of the game is limiting exposure, there is always a perfect storm on the horizon that can take your network off-line or expose your private data to public eyes. It’s a good idea to consult with your insurance company on liabilities inherent with doing business on the Internet. Make sure that your policies are up-to-date and that action plans are in place that can minimize the impact of any catastrophe.
Employees / Security Risk
Posted by Brian Gallutia on Jan 5, 2009
Posted by surely_you_cant_be_serious at Slashdot:
A nationwide survey finds that most companies consider their systems vulnerable to attack. Historically, crime rates increase during recessions — and some believe that cybercrime may well follow suit, especially given massive layoffs and the dim prospects many laid-off employees face in finding a new job. ‘One thing companies can start doing is monitoring their networks on an ongoing basis so that they understand the normal pattern of data flow and usage,’ Brill said.
