Computer threats to small government offices and agencies

Prioritize your security efforts

Yes. Spam is a problem. Screening and deleting junk e-mail messages wastes your time and your staff's time. And if a junk e-mail attachment is opened, it can unleash a virus.
But if your office predominantly focuses on battling spammers, you might be ignoring much more serious threats that can actually cripple your entire operations. When thinking about computer and network security, begin by sorting out what constitutes a genuine security menace to your computer systems, and what is mostly a nuisance. Here's guidance to help ensure that you're drawing the battle lines in the right places.

Sending e-mail messages: Lose sleep over attachments, not spam

Studies show that spam makes up the vast majority of all e-mail messages sent. Junk e-mail filters such as the one included in Microsoft Office Outlook 2003 messaging and collaboration client can help divert these unwelcome messages from your inbox, but they can never prevent all spam from being sent to your e-mail account.
Yet remember: Junk e-mail messages by themselves don’t damage your agency’s business operations. However, there are some e-mail threats that can.

Viruses and worms: These small but malicious programs are commonly spread by e-mail messages. They come in the form of cleverly disguised attachments to messages that trick employees into clicking them. Once installed, viruses infect programs and files, can destroy data, and can effectively force your office to stop working altogether while you disinfect your computers. An e-mail virus can spread by e-mailing itself to people in your address book—maybe even to your constituents and stakeholders outside your agency. Worms are a type of self-replicating virus that uncontrollably spreads over networks. Not all e-mail attachments are infected. Still, it is best not to take risks.

Phishing: Some e-mail messages are phishing for valuable information. The sender asks for credit card numbers, network passwords, or account numbers. But links in these messages actually take you to Web sites—that often look legitimate—run by Internet thieves. If you enter your data, you give those thieves the information they need to get into your computer system and access proprietary and confidential data.

In the example of a phishing e-mail message below, the sender might place a link (1) that appears to go to the legitimate Web site. But it actually takes you to another address (2), a phony scam site, or possibly a pop-up window that looks exactly like the official site.

[Screenshot: example of a phishing e-mail message]

Recommendations:

Instruct all agency employees to never open suspicious attachments that they do not expect.

Remind employees to use extreme caution when responding to messages that ask for passwords, security protocols, or account information. If an employee has any doubts about the validity of an e-mail message, he or she should contact the sender by phone and verify the legitimacy of the request. Employees can also download the MSN toolbar with phishing filter or the Microsoft Internet Explorer 7 beta. These are two Microsoft products that can help protect against fraudulent Web sites and personal data theft.

To limit the damage if a virus-infected attachment is ever opened, make sure your antivirus software is up-to-date and that you have installed security updates for your operating system and other software.

The Internet: Fear downloads before pop-ups

Pop-up ads in your browser window are indeed annoying. They interfere with Web surfing and searching. But, like junk e-mail messages, they pose a minor security risk to your information systems. Programs that your employees download from the Web are another story, however.

Viruses and spyware: Programs downloaded from Web sites can contain viruses and spyware. Spyware can enter your computer systems through infected e-mail messages and can secretly monitor what employees type as well as record identification numbers and passwords. Spyware can also enter your computer through security holes in the software you use.

Adware: Adware installs itself in a similar manner to spyware, though it typically just displays extra advertisements when you are online. Adware can slow down your computer, and it can be frustrating to try to close all the extra pop-up windows. But it cannot destroy your data.

Recommendations:

Create a security policy that clearly states what employees can download to their office computer and what they cannot. Explain in person to employees why the policy is important.

Consider using software that checks for and removes spyware. Microsoft has Windows Defender, a no-cost spyware protection program and a malicious software removal tool you can use to rid your PCs of unwanted software. Install this software to help protect your computer from spyware.

Use a firewall on your PC and a router for network protection. The combination of activating the built-in Windows Firewall and adding a network protection device enables you to filter or block Internet traffic to and from sites with security risks.

Make sure your antivirus software is up-to-date and that you use it often to thoroughly scan your system. If antivirus software was installed on your new PC for a trial period, be sure to buy a subscription after the period expires. Or buy and install a new antivirus product.

Regularly check with your software manufacturers to make sure you have downloaded and installed the latest updates to patch security holes. If available, use an automatic update service such as the one available with Windows XP.

Data Protection: Worry about backups before hackers

Hackers—Internet intruders who work their way into your computer network—garner considerable media attention, especially those who are identified and captured. But you have more to fear from bad data backup habits than cyber villains. Without regular data backups, hardware failures, accidental deletions, and floods and fires can permanently wipe out all your personnel and public records; operational processes; and compliance, economic, and regulatory data—all the critical information you need to run an efficient and security-enhanced government organization.

Recommendations:

Back up your data weekly (if not daily) to a CD, shared folder on a network, or second hard drive. Windows XP includes a back-up utility that can perform scheduled backups.

Test your backups regularly by restoring your data to a test location. Otherwise, you'll never know if the data can be successfully restored if and when you need it.

Keep a copy of your weekly backups at another location to protect them in case of a fire, break-in, or other disaster.
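One way to carry out the restore test recommended above is to restore the backup to a test folder and compare every file's SHA-256 hash against the original. The Python sketch below is an added example, not part of the original article; the folder names, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def tree_hashes(root):
    """Map each file's path relative to root onto its SHA-256 hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(source_dir, restored_dir):
    """Compare a restored copy against the source and report what does not match."""
    source, restored = tree_hashes(source_dir), tree_hashes(restored_dir)
    report = {
        "missing": sorted(set(source) - set(restored)),      # never came back
        "unexpected": sorted(set(restored) - set(source)),   # not in the source
        "corrupt": sorted(n for n in source.keys() & restored.keys()
                          if source[n] != restored[n]),      # content differs
    }
    report["ok"] = not (report["missing"] or report["corrupt"])
    return report

def demo():
    """Build a constructed source tree and a deliberately damaged restore, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "records"), Path(tmp, "restore_test")
        for base in (src, dst):
            (base / "personnel").mkdir(parents=True)
        (src / "personnel" / "roster.csv").write_text("id,name\n1,A. Clerk\n")
        (src / "budget.txt").write_text("FY total: 1000\n")
        # Constructed failure cases: a truncated file and a file missing from the restore.
        (dst / "personnel" / "roster.csv").write_text("id,name\n1,A. Cl")
        return verify_restore(src, dst)

if __name__ == "__main__":
    print(demo())
```

Files edited after the backup was taken will also show up as differing, so for live data compare against hashes recorded at backup time.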

One of the keys to any organization’s success is setting the right priorities. The same is true when protecting your government agency’s computers. Understand that not every computing problem carries a security risk—but be sure to address the ones that do.


