ITsManaged

Most are preplexed by the apparent complexity of security in an office. Armed with the thought "who would want to atack me" you probably rely on security suites installed on the desktops and/or laptops as if that is the end of the matter. Yet, so many business computers suffer from malware, many business sites are attacked every year and countless email address books are extracted for spam without the user knowing it has happened.

The damage is not just to your business, but others with whom you communicate with. Incorrect, poorly managed and insufficient security drives the extortion, cybercrime and spam markets to ever greater heights.

The good news though is the perception that security can be complex is incorrect. It can be if you listen to the spin from the vested interests, but the reality is that it is common sense.

Consider your office; you lock the perimeter doors at night, you have a 'back to base' alarm, you lock filing cabinets and perhaps leave security lights on. When you are open for business, everyone is vigilant for who comes in. You have a reception area and perhaps even signs like "staff only" etc. You won't let anyone just waltz in! When junk mail is delivered, you don't spread it around the office, you have a quick look at best and then destroy it.

Here is a very brief overview of computer security for a small office, you will see parallels with your physical office security.

• Create security rules for your staff - e.g. don't click on pop-ups offering computer fixes, open email attachments without being absolutely confident of the source and the content.
• Use your company wide firewall to the full; block spam, scan for viruses, block harmful sites, detect and repel hackers. A word of warning here though, most broadband modems are not up to these tasks, and they suffer from the inability to update often.
• Ensure the firewall you use has updates published on a regular basis and they are applied to the firewall. Cybercrooks rely on new methods of attack and reputable firewall vendors test and correct their appliances in response. Such updates can happen on a weekly basis.
• Similiarly with your servers and desktops - get and apply security patches as soon as they are published - again usually weekly.
• Ensure your desktops have up to date anti-malware programs - the free ones work well, just choose a reputable brand, and ensure free or paid for versions are all up to date every day.
• IT may be wise to train your staff and insist they do updates and patches on a regular basis to thier desktops.
• Install a scanning anti-virus suite and have your staff run regular deep virus scans on their hard disks, preferably in 'safe mode'.
• If your desktop security suite does not provide a firewall, that's fine - ensure that the operating system firewall (most come with one) is turned on. 

The same is true for you website. Ensure your website company updates and patches the website as well as underlying operating system on a regular basis. Ensure initially that it is configured for security.

Question 1: Do you have a receptionist?

Many offices have a "gatekeeper" - the receptionist who stops, or alerts others to intruders. In computer-speak, this gatekeeper is called a "firewall". 

Question 2: Does your vet physical access, check visitor credentials, filter junk mail and unwanted phone calls?

In computer terms, these functions are performed by a good firewall - spam, blocking bad or illegal sites, checking remote access credentials, detecting and stopping illegal entry (hacking), but allowing authorised access, such as your staff when away from the office.

Question 3: Do you have Locks installed on important filing cabinets, storage rooms and other secure places?

This is the domain of the desktop and central server - where your documents and files are. They need to be properly secured and you should have a good maintenance program that includes updates to anti-malware, regular scans and the application of security patches. New Internet threats are emerging daily. To keep up with the latest threats, you need to keep all your security software up-to-date.

Question 5: Do you photocopy imporatant documents and keep the off-site like at your Accountants?

As long as you're connected to the Internet, perfect security is impossible. That's why remote backups are so important. If someone gets into your network and messes with your files, you can retrieve the backups and keep on working. The other issue that arises is computer failure or infection that corrupts your files or makes them inaccessable. 

The most common problem with backups is simply forgetting to do them. So make sure your files are being backed up automatically, every night.

Question 6: Do you have an agreed Office Code of Conduct? 

Technology alone cannot protect your company from Internet threats - you and your staff should have a "Code of Conduct" that includes

• If a web browser warns that a website is not safe, leave immediately. (more about this later)
• Don't indiscriminately click on pop-ups promising something.
• Avoid pornographic websites and illegal download pages, as these are common sites of attack.
• Don't open email attachments unless you know the sender and you're confident the email was written by them. That includes seemingly harmless attachements such as ".doc" and ".pdf" files - the recent attacks on Google, for example, relied on employees opening a ".doc" attachment that contained malicious code.
• Ensure they are aware of phishing scams - where illegitimate internet sites masquerade as legitimate sites. Become familiar with your browsers security indicators and what they mean.

Question 7: Get rid of clutter.

Every program that's installed on a computer is a potential security risk. To reduce this risk, uninstall any programs that aren't used on both your desktop computers and the server. If you're unsure what to remove, do it with a computer expert at your side - guessing can give bad results!

Question 8: Is all of your software being kept up-to-date? (desktops and your server)

Keeping all of your software up-to-date considerably reduces the risk of your network being compromised, because updates generally fix the most common exploits. Updates should occur either automatically when an update is released, or at the latest a few days after they're released, so as to minimise the window of opportunity for attack. And make sure that "under-the-bonnet" software, such as "hardware drivers", are kept up-to-date! 

Question 9: If you're using Internet Explorer, is it possible to change web browser?

This is somewhat controversial, but it's generally believed that Firefox is a more secure web broswer than Internet Explorer. Firefox also has some great security and privacy plug-ins, including "Web of Trust" and "BetterPrivacy",

ITsManaged provides all these services and more, but we do it intelligently. There are some functions that must have humans involved, and sometimes the human must have specific skills, but other times, the response can be automatic. e.g. is the desktop firewall on? If not, automatically turn it on! Scans, virus checks, security checks - all are automated for the one simple reason - cost.

For a few dollars a week, each and every desktop and server can be capably managed by experts training in security. Automatic backups, secure, capable firewalls - we provide the entire maintenance and security system for you so you and your staff can focus on generating revenue and not the computers.