A Practical Look at System Security
Overview
In our experience, there is much misinformation and misguided thought on computer and network security today. We find that we sometimes worry about more esoteric threats before taking care of the most basic issues. Good computing security doesn’t have to cost an arm and a leg.
Keeping the main thing the main thing

Back Up Your Files Often
The most important thing is your data. This includes your files and other personal information. Protect these by backing them up to another location. Keep multiple backup versions with the ability to go back in time (restore dated copies).
Part of protecting your data is understanding who can reach it: almost one third of all users have excessive access rights to information and data that is not relevant to their jobs (from Deloitte’s 6th Annual Global Security Survey). Users should only have access to things (files and data) that pertain to their job as defined by segregation of duties and responsibilities – having “authorized access to systems and information needed to accomplish their jobs”.
In addition to periodically backing up your data, your ability to restore these files is important, too. It is extremely important to regularly test the restore capability. Why? Because you’ll know it works! This is critical to know especially when restore is needed in disaster recovery situations (fire, disk crash, water or coffee damage, etc.). It is not uncommon for untested tape backup systems to fail when asked to restore. It is common today to store data at a remote (offsite) facility for the purpose of backup. If this is the only backup, how quickly can the system be restored in the event of a total system failure?
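One way to run the restore test described above, as an added example that is not part of the original article: record a checksum manifest when the backup is made, restore the archive into a scratch directory, and compare every file against the manifest. The file names, the dated archive name and the function names are constructed for illustration, and make_backup stands in for whatever backup tool you actually use.

```python
import hashlib, tarfile, tempfile, zlib
from pathlib import Path

def file_hashes(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def make_backup(source, archive):
    """Stand-in for the real backup job: archive source, return its manifest."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return file_hashes(source)

def verify_restore(archive, manifest):
    """Restore archive into a scratch directory and compare with the manifest."""
    report = {"ok": False, "error": None, "missing": [], "changed": []}
    # Use the safe extraction filter where this Python version provides it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, **extra)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            report["error"] = f"restore failed: {exc}"
            return report
        restored = file_hashes(scratch)
    report["missing"] = sorted(set(manifest) - set(restored))
    report["changed"] = sorted(n for n in manifest
                               if n in restored and restored[n] != manifest[n])
    report["ok"] = not report["missing"] and not report["changed"]
    return report

def demo():
    """Run the check on constructed sample files, then on a damaged archive."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work, "documents")
        (source / "clients").mkdir(parents=True)
        (source / "ledger.csv").write_text("date,amount\n2024-01-05,120.00\n")
        (source / "clients" / "notes.txt").write_text("constructed sample data\n")
        archive = Path(work, "backup-2024-01-05.tar.gz")
        manifest = make_backup(source, archive)
        good = verify_restore(archive, manifest)
        archive.write_bytes(archive.read_bytes()[:40])  # simulate a truncated backup
        bad = verify_restore(archive, manifest)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

Comparing against a manifest taken at backup time, rather than against the live files, keeps the check valid after the originals have changed or been lost.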
Passwords

Make Your Passwords Unique
Passwords are often simple, guessable words that relate to a person (kids’ or pets’ names, etc.). A good password is not a word found in the dictionary, yet is easy enough to remember. Even the strongest password is no good when it has to be written down and ends up on a Post-It note next to the computer. Create passwords that mix upper and lower case letters, symbols and numbers. Combine easy-to-remember items (keyboard patterns can be used as well). $tep0Nup! is a good example. Qwerty is an example of a keyboard pattern (though not a good password).
To help remember your many system sign-on IDs and passwords, use a password manager tool. These programs keep all of the passwords you have created and maintained in one database, which you open with a single sign-on. See reviews of various software tools, such as RoboForm Pro (http://password-management-software-review.toptenreviews.com/roboform-review.html).
Policies
Policies are written company statements defining how company computing resources may be used on the job. Policies can be as simple as the written guidelines in the employee handbook. These policies address acceptable behaviors regarding use of your company’s information systems. It is alarming how many companies allow employees unrestricted use of their computer systems.
By implementing these relatively simple, low cost suggestions, you can improve computing uptime, lower your support costs, improve productivity and reduce your business risk.