Lockdown! Staying safe and secure
Davey Winder, Editorial Fellow at Dennis Publishing, Three-times Winner IT Security Journalist of the Year
Computer crime comes in all shapes and sizes. Hacking is a weapon of choice for political activists across the globe, a rich seam of industrial espionage, and the favoured tool of organised criminals harvesting credit card details by the thousand. For some hackers, it’s just fun.
Unfortunately, for business owners, it can also be very costly. Cyber attacks can close down your website, disrupt your emails, and suck up the most valuable commodity you have as a small business owner: time. If you keep personal data about your clients, it can leave you the wrong side of data protection law. Plus, now that we live in a totally connected world, it’s also impossible to protect yourself 100%, just as even the most expensive alarm won’t make you impregnable to burglary.
Luckily, by following some basic rules, you can give your company protection which is workable for the everyday conduct of business and adequate in the eyes of the law. The following checklist will see you right.
Secure your network. You don’t need to be a tech genius to do this, and it’s advice we’ve been offering for years. Ensure you have antivirus software, and keep it up to date. Keep your Windows Updates switched on. Change your wi-fi access code every few weeks, and use IP-based authentication (a way of showing that a computer is what it says it is) if you can.
Know your users. Unless you’re offering free wi-fi in a coffee shop, for example, you probably know everyone who comes onto your network. Your accountant, that client with the icky beige suit, the sandwich man: you can set some ground rules and manage their access with ease. Although if your sandwich man is using your wi-fi, it might be worth asking why...
Speaking of ground rules, do have a security policy for all staff. Not a sixty-page epic which nobody can be bothered to read, but common sense advice: no browsing unfamiliar websites, no personal stuff, no running executables (programs, some of which may contain viruses), no unnecessary traffic of office documents without good reason.
Use the Cloud. We often look at the Cloud as an example of being globally connected, and therefore a security risk. However, it can also support security. Cloud services are all accessed through a browser, which means that users’ home machines, or tablets for people on the go, never need to use software beyond a browser to get their work done. That can minimise security challenges.
Educate your staff. This has traditionally been a thorny issue: nobody wants a lecture from the boss. But today’s employees often use their own computers and smartphones, and they often also have some personal files on these machines - pictures of their children and pets, say. If you offer them advice which will keep their own precious memories safe as well as protecting the business, what’s not to love? Why not offer to put antivirus on their machines for them, too? Microsoft Security Essentials, for example, is absolutely free.
Microsoft Security Essentials provides real-time protection for your PC against viruses, spyware and other malicious software. It’s a free download that’s simple to install, easy to use and automatically up to date, so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure – when you’re green, you’re good. It’s that simple. http://www.microsoft.com/security_essentials/
Use strong passwords. Doh! Amazingly, the most popular passwords are still ‘password’, ‘123456’, ‘welcome’, ‘sunshine’ and derivatives thereof (although it’s nice that us miserable Brits still think of sunshine). A blindfolded badger could guess them! Strong passwords include numbers and non-alphabetical characters, they steer clear of whole words, and they definitely don’t include the names of your significant other or names of pets.
Expect best practice from everyone. If you overload your employees with burdensome demands, their enthusiasm will crumble. But if you ask for some basic best-practice from your team, it really won’t be a problem. They need to keep their systems up to date, and anything which can be left on a train (pesky smartphones in particular) should have remote-wipe facilities switched on. Most phones will do this now; Windows Phones have a particularly good remote lock and/or wipe facility.
Speaking of theft, remember physical security. Laptops and tablets are more likely to be stolen (or lost) than hacked, so make sure your office or workspace is secure. Lock laptops away at night. And, in case of the worst, encrypt all data held on mobile or carryable devices.
Have a plan for the worst. When smart people move into a new home, they look for little things like where the water stopcock can be found. That way, when water comes pouring through the ceiling, they can begin to solve the problem quickly and minimise the damage. IT security is the same: have a plan for switching off, replacing machines, or working from home, depending on the sorts of things which could go wrong. Also, back up all important data: the cost of retrieving files is at least ten times that of protecting them in the first place – if it’s possible at all. Forewarned is forearmed!
Come back, same time next year. Nothing stays the same forever, and your technology, like your business plan, is a movable feast. Come back to your security policy annually and see what new devices or work patterns might require a little reassessment.
If you have more than a handful of PCs in your company, Windows Intune™, Microsoft’s cloud-hosted PC security and management service, will help you keep all your computers (and their users) running smoothly. It lets you:
Protect PCs against malware
Monitor PCs for problems
Track hardware and software inventory
Give remote assistance if something goes wrong
Set consistent security policies for your PCs
If you work with an IT partner for technical support, you can also give them access to Intune, allowing them to monitor your PCs and fix problems remotely.
If you would like more plain-English advice on IT security, Microsoft is a founder sponsor of GetSafeOnline.org, an independent, government-backed source of advice about IT security for consumers and small businesses. You’ll find plenty more on their website at http://www.getsafeonline.org/