Computer Security : Part - D

How to Keep Our Business Computers and Online Information Secure:

Make Staff Aware Of The Important Role They Play In Security:

Our staffs are our front line of defense when it comes to security. Sure, hackers can access our network remotely and siphon off data without setting foot in our office. However, vigilant employees (consultants, partners, and vendors, too) can ensure that human error—which is a big cause of data security breaches is minimalized.

Educate Our Employees:

If a computer on our network becomes compromised--whether the intrusion came from an internal fantasy-football e-mail or through a nefarious Facebook app that an HR administrator clicked on during lunch our entire operation is at risk. "You shouldn't be the only one vigilant about protecting your and your customers' information," Symantec's Cullen says. "Your employees should all be on the lookout, and you as a small-business owner should be there to give them some guidelines."
Keep employees informed about threats through brief e-mails or at periodic meetings led by our IT expert. The first step, however, is to write out a formal company internet policy, setting acceptable and prohibited online activities for employees an exercise that a distressingly small 10 percent of companies follow, according to Symantec/NCSA. For example, prohibit employees from opening e-mail attachments or clicking on links that don't pertain to company business. Or limit personal e-mail access to personal Smartphone via the employee's wireless connection, not the company Wi-Fi.

Use Strong And Multiple Passwords:

Too many of us use simple passwords that are easy for hackers to guess. When we have complicated passwords, a simple “dictionary attack”—an attack by a hacker using an automated tool that uses a combination of dictionary words and numbers to crack passwords can’t happen. Don’t write passwords down; commit them to memory.

Encrypt Our Data:

Encryption is a great security tool to use in case our data is stolen. For example, if our hard disk is stolen or we lose our USB thumb drive, whoever accesses the data won’t be able to read it if it’s encrypted.

Use Encryption Software To Protect Customers’ Financial Information From Theft During Transactions:

Visa USA and MasterCard International Inc. require most businesses operating online to verify that we have taken a number of steps, including data encryption, to protect customers who use their credit cards. If we meet those requirements, our online operation is likely to be fairly secure.

Complying with the letter of those standards can be challenging for small businesses, which generally don’t have the resources or the security expertise of larger operations. So it can be a good idea to outsource payment processing to a company like eBay Inc.’s PayPal unit. Ensuring compliance for in-house payment processing can cost at least twice as much as outsourcing.

Encryption is also important for protecting a company’s internal information personnel files, financial accounts and product information and other data. It can foil a hacker who has gotten into the company’s computer system but can’t decipher the information.

Back Up:
Security is important, but if our data is not backed up, we will lose it. Ensure that our data is properly backed up, and test the backup to ensure that our data can be recovered when we need it.

Lock Filing Cabinets And Rooms Where We Keep Sensitive Data, And Only Give Keys To Trusted Employees.
"Oftentimes locked boxes keep people honest," said Sileo. "They're a great way to take away the crime of opportunity."

Institute A Good Privacy Policy, And Make Protecting Sensitive Data A Part Of The Company Culture:

Security policies especially regarding the use of social media are vital, according to security and privacy consultant John Sileo. If we allow employees to use sites like Facebook and Twitter at work, make sure they keep their personal life separate from their work-related social media use and monitor what they say online.

It’s one thing to ask employees to work securely, but we must also have clear and simple policies in place for them to follow to ensure that they are working in a secure environment. For example, insist that all notebook computers connected to the corporate network have security software. Mandate that no security information ever be given over the phone. Policies like this and more will help ensure that our staffs are doing their part to be security aware.

Secure Our Web Browser:

Web browsers installed on new computers usually don’t have secure default settings. Securing our browser is another critical step in improving our computer’s security because an increasing number of attacks take advantage of web browsers. Before we start surfing the internet, secure our browser by doing the following:
- Disable mobile code (that is, Java, JavaScript, Flash, and ActiveX) on websites we’re not familiar with or don’t trust. While disabling these types of code on all sites will significantly reduce our risk of being attacked, the websites we visit may not function as they normally do.
- Disable options to always set cookies. A cookie is a file placed on our computer that stores website data. Attackers may be able to log onto a site we’ve visited (like a banking site) by accessing the cookie with our login information. To prevent that, configure the browser to ask for permission before setting a cookie, allow cookies for sessions only, and disable features that keep us logged in to a site or that retain information we’ve entered, such as text we type into forms and the search bar.
- If we’re using Internet Explorer, set the security levels for trusted sites (websites we most often visit and trust) to the second highest level. At the highest level, websites may not function properly.

Make Sure Us And Our Employees Only Download Applications That Come From Reliable Sources:

Because applications (e.g., games, mobile apps) may contain viruses, spy ware or Trojan horses, it's important to know and trust the source of an application before downloading it.

Protect Mobile Work Force:

Our sales team of 10 years ago is probably nothing like our sales team of today. With the proliferation of the BlackBerry, iPhone, and other mobile devices, more of our staffs are working away from the office and away from the protection of our network security. They are operating “in the open” on our customers’ networks, public networks at coffee shops, or free networks in the park. It is important to ensure that their mobile technology, often connected wirelessly, is as secure as possible.

Implement A Multiple-Security-Technology Solution:

Viruses that corrupt data are not the only security threat. Hackers, and their attacks, are more sophisticated than ever, and it is critical to have multiple layers of security technology on all our different devices (including each desktop, mobile device, file server, mail server, and network end point) to comprehensively secure our data. This multiple security will block attacks on our network and/or alert us to a problem so that our (or our IT expert) can take the appropriate action.

Consider Outsourcing Security Or Hiring A Consultant To Make Sure Our Business Is Safe And Secure:

"You might consider, for instance, outsourcing firewall management, intrusion testing, vulnerability management, compliance management, especially when related to financial services (PCI) or to healthcare (HIPAA and HITECH)," said Heimerl. "Chances are that a qualified managed security service can provide better security than you … and do so at a lower cost, while allowing your IT staff to concentrate on the business."

Conclusion:
Securing our business’s data is not easy, and it takes expertise. However, we can implement very practical and simple solutions (such as these tips) to ensure that when a hacker sniffs around our network or computers, he (or she) will move on to another victim because our infrastructure is not worth the trouble of hacking into it. Think about our average street mugger. They want to steal a purse or wallet from the victim they think is most vulnerable, so they can get away with their crime as easily as possible. One of the most important things we can do is to educate our employees in security best practices and ensure that they know how important their role is in securing business data.

Recommendations:

The followings are some of the recommendations that will ensure the smooth functioning to keep business (our) computers and online information secure:
- Reserve necessary Data on DropBox or Google Drive.
- Don’t use free software.
- Use Best Antivirus: Bitdefender, Norton, TrendMicroTitanium, Kaspersky, Eset …..
- Don't play Social Media on business used computer.
- Must learn before using any software and device of computers.

» » » To continue reading, Click here corresponding: A, B, C and D.

References:
US-CERT (from Carnegie Mellon University): www.us-cert.gov/sites/default/files/publications/TenWaystoImproveNewComputerSecurity.pdf
Small Business Computing: www.smallbusinesscomputing.com/webmaster/article.php/3908811/15-Data-Security-Tips-to-Protect-Your-Small-Business.htm
Small Biz Technology: www.smallbiztechnology.com
Entrepreneur: www.entrepreneur.com/article/225468