Protecting a business can be a full-time job — with full-time worries. Just consider the issues you need to be alert to every day:

• Worms and viruses that can sneak into your computer systems
• Hackers trying to gain access to your company's confidential data
• Employees who might download harmful files from the internet
• A disaster or accidental deletion that could wipe out critical business records

With so many demands and so many variables, staying on top of security matters can be daunting. Fortunately, there are basic things you can do to reduce security risks. You'll never get rid of them entirely. But by taking full advantage of the latest technologies, you can be confident you have done everything you can to protect your company.

Ask the Tough Questions
Ask yourself these questions to assess how secure your organization is and what improvements you should consider making.

	TIP: Use a pop-up blocker to protect your computer from malicious pop-up windows that open when you're browsing the web. A pop-up blocker is a utility that prevents the windows from opening. Many pop-up blockers are compatible with Internet Explorer, including the free MSN toolbar.

1. Do we have the latest updates and security patches installed on all of our servers, desktop and laptop PCs?
   If you don't, this is one of the easiest deficiencies to correct.
   • To get the latest updates for your Windows operating system, software and hardware, go to Microsoft Update. It scans your computer to determine which updates you need and then you can download any or all of them.
   • To improve the security and stability of your Microsoft Office software, go to Office Update and follow the Check for Updates link.

If you use Windows XP Professional, there is an even easier way to get updates. Simply activate the Automatic Updates feature, which allows your PC to automatically notify you of important updates once they are made available.


2. Is the anti-virus software current on all of our machines?
   It's not enough to simply have anti-virus software. Virus writers are prolific, releasing hundreds of viruses each month. That means you need to keep not only your operating system current but also your virus protection software. And make sure it is current on every PC and laptop in your organization.
   
   However, relying on users to stay current with software updates may not be effective in every organization. Employees may forget or may not think it's important. That's one of the benefits of a server-based environment, where updates to PCs and laptops can actually be managed from the server.



3. Does everyone understand they should never open e-mail attachments they aren't expecting or that come from senders they don't know or trust?
   Even with the most current anti-virus software, there's always a possibility that a destructive worm or virus will get through. That's why your entire organization needs to be cautious about e-mail attachments and downloading files from the internet. Consider making these safety tips company policy:
   • Never open suspicious e-mail attachments or those from unknown or untrustworthy senders
   • Configure e-mail to read all messages you receive as plain text to increase security
   • Set the security level on Internet Explorer to the highest level and make exceptions for trusted websites only
   • Use a utility that blocks pop-up ads, which can be used to install malicious code on computers



4. Do we have a regular back-up procedure, are we following it and do we verify the back-up is accurate?
   Backing up the data on your computers is one of the simplest and most effective "safety nets" you can institute. It's also inexpensive. The idea is to routinely make electronic copies of everything on your computers. The copies should be stored off-site so that in the event of a disaster or accidental deletion, you have a way to restore the bulk of your lost data.



5. Have we installed a firewall?
   If your company uses always-on broadband to connect to the internet, install a firewall as a basic line of defence against outside intruders. There are two basic types: 1) a software firewall such as the Microsoft Internet Connection Firewall that's included in Windows XP Professional protects the machine it runs on, and 2) a hardware firewall that blocks all traffic between the internet and your entire network except for traffic from senders who are specifically trusted.



6. Do we have a clear policy on employee internet use and is it monitored and/or enforced?
   If you don't have an internet policy, your company and employees are at risk. And the risks can be serious, from the harmful downloads discussed above to offensive and/or illegal activity that can jeopardise your company's reputation and create messy legal problems.



7. Do we use strong passwords and are we diligent about keeping them private?
   Be honest about this one: There's a big difference between having passwords and using strong passwords. In many workplaces, it is common for employees to share passwords, post them next to their computers or choose passwords that are easy to guess. Worse yet, they use the same passwords for everything and never change them. Make sure everyone knows how to create strong passwords.



8. Do we have a secure way for remote users to access our network?
   Enabling employees to access your network from the road or from home is great for efficiency, but it also exposes your network to risk. For small businesses, Windows Small Business Server 2003 offers a full slate of features designed to make remote access less risky. One is Remote Web Workplace, a remote portal that allows authorised users to access e-mail or their company's internal websites, from anywhere through a Virtual Private Network or over the internet.
   
   With the Remote Desktop feature in Windows XP Professional, you can remotely control your computer from another office, from home, or while travelling. This allows you to use the data, applications and network resources that are on your office computer, without being in your office.
   
   Making sure your company data is safe and secure is a demanding job, no question about it. But at least recent technology can remove some of the worries.