By Diana DiBello
If your personal or business security strategy is little more than a set of colorful sticky-notes with passwords attached to your screen, you are in big trouble!
In today's environment, we should know better than to leave passwords and other sensitive information in plain sight - making our systems vulnerable to attack. Yet, in a time when we're doing more with less and concentrating on other issues, we may forget some of the basics associated with secure systems.
Do you create passwords with a combination of letters and numbers, instead of using your middle name? Are you performing regular backups? Do you store them in a safe place, such as an offsite location?
Sure, these are basic strategies, but you really can't be too cautious. According to a recent survey from Bigfoot Interactive that ran in a story in Online Media Daily, 55 percent of online users said they had been infected with spyware. That's more than 50 percent of respondents, and while this is only one statistic among many, it should signal an alarm that we must remain careful.
The bottom line is that you can't take too many precautions, but let's get back to basics. Here are 10 low-cost security strategies for you and your business.
- Update Your Operating Systems and Software. Hopefully, you're not still running Windows 95, not because it's out of date, but because it's no longer supported by Microsoft. It's always a good idea to install the latest version of any operating system or software program because of the built-in improvements vendors put into newer versions. And be sure to test updates before installing them across a network.
- Turn on Automatic Updates. Whether you operate in Windows or Mac OS X, always turn on automatic updates within your system. This is the best, most accurate way to ensure you're receiving the updates you need. QuickBooks users, for example, have options to turn on automatic updates. Interrupting your day with updates can be a hindrance, but it's better than facing the prospect of outdated software. Microsoft recommends its free Windows Server Update Services and Microsoft Security Notification Service.
- Use Anti-Virus and Anti-Malware Programs. What better way to fight a virus than to have software installed to combat it before it does any damage to your system? There are many products to choose from, so select the one(s) that are easy to operate and update. Some are built into an operating system. Windows Vista, for example, includes Microsoft Defender, a program that runs in real time.
- Install a Firewall. When was the last time you checked to see if your firewall was turned on? If you can't remember, then it's been too long. First, consider a host-based or personal firewall that protects an individual system, such as a stand-alone PC. Second, consider a perimeter firewall that will handle all traffic on the network.
- Use Directory Services. A directory is commonly used for managing users and desktops on a local network. It puts all information in one place on your network so that the information can be easily reviewed. This includes information on groups, individuals, networked computers, file storage and printers.
- "E" is for Encryption. The best way to protect sensitive or valuable information is through encryption, and it does not have to cost a lot of money. The keys are authentication and confidentiality. Office 2007, for example, includes encryption technologies so that users can digitally sign documents for authentication and password-protect documents for confidentiality.
- Use a VPN for Secure Remote Access. These days, who isn't working remotely - and who doesn't need access to their files? A Virtual Private Network solves most security issues associated with remote access due to the encryption associated with logging into a system.
- Protect Your Wireless Network. No matter where you go, you still find wireless networks that are not protected! This leaves the owners vulnerable to attacks that could have easily been prevented by installing a secure wireless network. Consult your router documentation on how to set up a secure network, or search online for how-to instructions.
- Make Users More Aware. Not enough can be said about training your staff so they can be much more aware of security. A smarter workforce is a more secure workforce. Consider discussing security during staff meetings, or bring in outside experts to provide a third-party perspective.
- Set up Your Policies. A secure system is based on a thorough set of rules and limitations as to what users can do. For example, do you allow your staff to download any program they want? Consider writing a set of policies that clearly outlines this and other areas. Not only will you have given the staff clear guidelines, but they will also have a reference point from which to begin understanding sound security.
Implementing and maintaining security in your systems and processes shouldn't be a chore - and it doesn't have to be expensive. You'll want to investigate and try various approaches that make sense to your own systems. Remember: Nothing is a cookie-cutter solution. However, doing anything more than what you're doing now is a step in a secure direction.
About the author
Diana DiBello is director of product development for SpeedTax, a provider of sales tax compliance software solutions. She previously was a senior manager in the state and local tax services group for Grant Thornton.
Sources include a white paper from Microsoft, "Security Strategies for the Midsize Business."