Monday, February 9, 2009

Six tips for setting up a computer security policy

We talked last week about the lengths some organizations will go to train employees to avoid phishing scams. Before you start sending test scams to everyone in your network, you should have the right computer security policy in place for employees to follow.

In a recent Business Week tip, security evangelist Ryan Naraine shared some helpful information on setting up computer security policies. The information came out of a conversation with a friend who was in the process of establishing an online printing business and looking for ways to keep his business safe from online intruders.

“The nature of Web-based threats, drive-by malware downloads, and clever social engineering attacks make it nearly impossible to be fully secure,” wrote Naraine.

With that caveat acknowledged, Naraine lists six “must-do” tasks that can help strengthen your defenses:

  1. Invest in security software and make sure signature databases are current. When you’re exploring security options, ask the vendor about approaches to “whitelisting” (application control), “behavior blocking,” and the use of “herd-intelligence.”
  2. Stay on top of the latest patches for Web server and desktop software. Limit what employees may install on their computers, and avoid programs that lack an auto-update mechanism. Pay particular attention to patching known vulnerabilities in applications that are constant hacker targets, including Adobe Reader (PDF), Adobe Flash Player, Apple QuickTime, RealPlayer and WinZip.
  3. Make it a policy for employees to use the safest Web browser for certain sensitive transactions. Avoid using Microsoft’s Internet Explorer for high-value transactions since it is a popular target for hackers.
  4. Establish strong password policies. A strong password should be between 8 and 20 characters and mix upper- and lower-case letters, numbers and symbols. The longer and more varied a password is, the larger the space an attacker must search, and the harder it is to crack.
  5. Block access to unnecessary network services and social networking sites. Hackers prey on the trusted nature of sites like Facebook and MySpace to trick users into installing malware on their computers. If an employee doesn’t require Internet access to do their job, don’t give it to them.
  6. Have a process in place for the accounts of former employees. Make sure that e-mail accounts and access to sensitive parts of the network are shut off as soon as they leave the company.
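To make tip 4 concrete, here is a small policy checker written for this post (it is not code from Business Week or from Naraine). It enforces the numbers given above (8 to 20 characters, all four character classes), and adds two things the tip implies but does not spell out: a reject list of common passwords, because complexity rules alone do not stop dictionary guessing, and a rough brute-force search-space estimate that shows why length and character variety both matter. The common-password list and the candidate passwords are constructed samples.

```python
import math
import string

# Policy numbers taken from the tip above (8 to 20 characters, four character classes).
MIN_LEN = 8
MAX_LEN = 20

# Constructed sample of commonly guessed passwords; a real deployment would
# check against a large breach-derived list instead.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty",
                    "letmein", "welcome1", "P@ssw0rd"}

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def check_password(pw: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    present = {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}
    for name in CLASSES:
        if name not in present:
            problems.append(f"missing {name} character")
    # Complexity rules do not stop dictionary guesses, so reject known-bad values too.
    # The comparison is case-insensitive because attackers try obvious case variants.
    if pw.lower() in {p.lower() for p in COMMON_PASSWORDS}:
        problems.append("appears in common-password list")
    return problems


def search_space_bits(pw: str) -> float:
    """Rough upper bound on brute-force work: log2(alphabet_size ** length), where
    the alphabet is the union of the character classes actually used. This shows
    why both length and class mix matter; it is not a measure of real guessability."""
    alphabet = sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in pw))
    if alphabet == 0 or not pw:
        return 0.0
    return len(pw) * math.log2(alphabet)


if __name__ == "__main__":
    # Constructed candidates covering the pass and fail cases.
    for candidate in ["password", "Summer2009", "P@ssw0rd",
                      "Tr0ub4dor&3", "correct horse battery staple"]:
        verdict = check_password(candidate) or "OK"
        print(f"{candidate!r}: {verdict}; ~{search_space_bits(candidate):.0f} bits")
```

Note that "P@ssw0rd" satisfies every complexity rule and still fails, which is the point of the reject list: a rule-compliant password that appears in every cracking wordlist is not strong. The 20-character cap is reproduced from the tip as written; in practice there is no security reason to cap length, and a longer passphrase would otherwise score highest here.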

Remember that your first line of defense against an online attack is your employees. Employees who are trained to recognize online threats are your best asset.

Keep employees trained on the latest online threats and give them the tools they need to protect their computers, and you will have taken two big steps toward improving the security of your company. Keep your network safe by periodically retraining employees so they keep up with hackers’ evolving tactics.
