Top Ten Essentials for Computer System Security

Posted: 11th May 2015

In one WiRE workshop, computer security was a hot issue. From that discussion I have put together the following tips on computer security. Hopefully these tips will be of benefit for all WiRE members. The tips assume you are using Microsoft Windows but they will also be useful for users of other operating systems e.g. Apple.

Before you read the rest of the article, stop for a moment and think: how would your business day today be affected if your computer system suddenly stopped working? Do you have a back up of your data? Your software? How would you repair your system, and who would do it? How soon could you start to use a replacement system?

Think carefully: at the very least, unless you have already planned for the worst, getting back to normal would take some hours of your or your employees’ time, it could impact the speed and quality of your communications with customers (handwritten letters just aren’t acceptable these days – though they would get you noticed!) and almost certainly would cost you money for repairs/replacement.

But don’t worry; everyone can limit the risks dramatically by following these top ten tips. They apply to large and small companies alike, although the method of carrying them out will vary depending on your business.

TIP: There is a link to a free firewall, free Anti-Virus software, firms selling on-line storage space for back-ups, security checks and other security information on the IT Accessed information page: http://www.itaccessed.co.uk/information.htm

1.  Take Responsibility For Security.

It’s your business; make sure you are confident that all practical measures are in place to protect your computer system. This may mean spending some time familiarising yourself with some IT terms – but a basic understanding is not beyond someone who runs their own business. If you ensure the following measures are in place your system will be reasonably secure.  

TIP: If after reading this document you are unsure of the meaning of any of the terms or want to understand in more detail, you can begin by typing “define: theterm” into the search bar on Google. For example: define: firewall.

2.  Take Back Ups (Copies).

BACK UP DATA: Boring and sometimes time consuming, making a regular copy of your business data is often the task that gets sacrificed as you rush home at the end of the day. In larger companies it is often assumed that effective back ups are being taken, and that’s never tested until they are needed…

There are many ways to take efficient and reliable copies of your data.

Copy to CD or DVD. For very small companies a simple way to make a back up right now is to copy the data to a CD/DVD (DVDs hold more data).

Other common back-up methods include:

• Copying the data to a memory stick – a device that will connect, usually via a USB cable, to your PC and to which you can send data for storage. A faster option than a CD. Buy one and try it.
• Using a separate hard disk drive attached to your PC or network to copy the data onto. TIP: For small companies search for “external hard drive” on a search engine – e.g. Google – to get an idea of what’s available.
• Backing up the data to a data storage company over a broadband connection (would almost certainly take too long over a dial up connection). See link to IT Accessed at the top of this article.
• Copying the data to a tape drive attached to your system.

For all these methods you must make sure there is enough space on the receiving medium (CD, hard drive, paid for storage area on-line, etc.) for your data.

Also consider the amount of time you want to spend backing up and how often you need to back up (think about the effect of an hour’s / a day’s / a week’s loss of data to your company).

If you are not backing up to an external site over broadband – think about where you will safely store the copy.

Make sure you know how to use the copy to restore the data!
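
For readers comfortable running a script, the two checks above (enough space on the receiving medium, and a copy you can actually restore from) can be automated. This is an added example, not part of the original article; the folder names and sample files are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def back_up(source, dest):
    """Copy every file under source to dest; return {relative path: sha256}."""
    files = [p for p in source.rglob("*") if p.is_file()]
    needed = sum(p.stat().st_size for p in files)
    dest.mkdir(parents=True, exist_ok=True)
    free = shutil.disk_usage(dest).free
    if needed > free:  # check the receiving medium before copying anything
        raise OSError(f"need {needed} bytes but only {free} free on {dest}")
    manifest = {}
    for src in files:
        rel = src.relative_to(source)
        (dest / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest / rel)
        manifest[rel.as_posix()] = sha256_of(src)
    return manifest


def verify_backup(dest, manifest):
    """Return the backed-up files that are missing or no longer match."""
    return sorted(rel for rel, digest in manifest.items()
                  if not (dest / rel).is_file() or sha256_of(dest / rel) != digest)


def demo():
    """Constructed sample data: back up, verify, damage one copy, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp) / "data", Path(tmp) / "backup"
        (data / "invoices").mkdir(parents=True)
        (data / "customers.csv").write_text("name,email\n")
        (data / "invoices" / "0001.txt").write_text("Invoice 0001\n")
        manifest = back_up(data, backup)
        clean = verify_backup(backup, manifest)
        (backup / "customers.csv").write_text("damaged")
        return clean, verify_backup(backup, manifest)
```

An empty list from verify_backup means every file in the copy still matches the original; any name it returns is a file you could not rely on when restoring.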

SOFTWARE: There are many ways to back up your software as well as your data – but this is a more complex area. For most small companies the safest and most practical method is to ensure you have the original CD/DVDs for all the software on your system – these can then be re-installed if needed.

3.  Install a Firewall

If you have a broadband connection to the Internet you must have a Firewall (and it’s probably a good idea with a dial-up connection). This puts a virtual wall around your computer system as it appears on the Internet, hiding it from the uninvited and only letting authorised transmissions in and out.

There are two main types of Firewall, hardware based and software based.

If you use a router to connect to the Internet it may have a (hardware) Firewall feature. Larger companies tend to have hardware-based firewalls; these are generally seen as preferable to software ones as they stop any intrusion before it reaches your main system.  However they may be harder to manage for a very small company.

Software Providers. At the moment small companies most often use software Firewalls. They can be purchased separately or as part of a security suite containing Anti-Virus, Anti-Spam and preferably Anti-Spyware software. Basic but effective Firewalls suitable for small companies (please read any terms and conditions attached to the product’s use) can be obtained free of charge. Popular Firewall and security suite suppliers include F-Secure, Norton, McAfee – these all cost money. See link to IT Accessed at the top of this article.

4.  Install Anti-Virus Software – And Keep It Up To Date!

A virus is computer software (a program, program code) that can harm your computer and use your computer to spread itself to the systems of those with whom you communicate (a good way to annoy a customer!). Anti-Virus software inoculates your system against the viruses it knows about.

Keep your Anti-Virus Software Up to date. Most people realise they should have Anti-Virus software; however, many people do not appreciate that they are not automatically protected against any new viruses that appear – you must keep your software up to date. Do this by clicking the update feature on your software. It’s up to you how often you do this, but the more often the better. Once a day or at an absolute minimum once a week is typical for a small business – but it depends on your operation. Most Anti-Virus software packages have an automatic update feature, but these often cannot be relied upon and you should check that the updates are being done.

The comments above about software providers for Firewalls also apply to Anti-Virus software.

5.  Install Anti-Spyware Software

Put simply, a piece of spyware is a software program like a virus but geared to spying on your computer, usually with an aim to make money in some way; for instance recording your key presses as you enter your password for your bank account.

The comments above about software providers also apply for Anti-Spyware software. It is also essential to keep Anti-Spyware software up to date – so it protects you against new spyware programs.

6.  Install Microsoft Security Updates

Make sure you install all Microsoft Security updates.

Go to the Microsoft Windows Update site and follow the instructions. The address is http://windowsupdate.microsoft.com

7.  Manage Spam and Confidence Tricksters.

In this sense “Spam” is used to mean any unwanted or malicious e-mail.

Install Anti-Spam software. Note however, installing Anti-Spam software will help you identify and manage Spam, but it will not get rid of it.  The comments above about software providers also apply for Anti-Spam software.

There are companies who will manage Spam for you by intercepting it before it reaches your PC.  These can be effective but they can also get it wrong: you may not receive a legitimate e-mail and still receive some Spam.

As you can’t get rid of Spam completely, the most practical solution for small businesses is to make use of the Anti-Spam software features and take actions not to encourage Spam. These include:

• Taking care about who you give your e-mail address to – don’t register your e-mail address on “dodgy” looking websites.
• Using a separate e-mail address when you need to provide one but fear the company/site may not be very secure, or may send unsolicited e-mail to you.
• Never replying to unsolicited e-mail.
• Becoming paranoid – is that e-mail really from your bank?
• Never responding to pop up advertisements.
• Keeping your password secret.

8.  Use Passwords And Use Them Effectively.

Each user of your system should have a password that cannot be easily guessed and they should keep it secret. A good password is eight or more characters long with a mixture of numbers and upper and lower case letters. Change the password regularly and never store it on your PC – if a password is stored on your PC in any way, even if it appears on screen as asterisks, the password can be identified.

TIP: For a secure but memorable password, use an acronym that’s at least eight characters long consisting of letters (in both upper and lower case) and numbers, based on a song, quote or poem. For example: “Show me the way to Amarillo Peter Kay” becomes the password “Smtw2APK”.
TIP: Don’t use this example as a password!

9. Use Qualified Business Focused IT Support and Quality, Standard Equipment.

• Use qualified IT technicians. A key qualification is the Microsoft MCSE – Microsoft Certified Systems Engineer.
• For most businesses it makes sense to use standard, quality equipment from a large, stable, company.
• Make sure you have the original CD/DVDs for any software installed on your system. Make sure your copy is legal.

10.  Keep Your System In A Safe Physical Environment.

• Make sure no one is likely to spill coffee over your equipment, make sure you lock the door, install a smoke detector etc.
• Make sure the electricity supply is reliable and the cables connected safely. You may want to consider an Uninterruptible Power Supply (UPS) – basically a large battery – that will protect your system for a short time if there is a power cut. At least this will allow you to shut the system down safely. Even for a one PC company a very short, sudden power cut can corrupt your e-mail system making it unusable until it’s repaired (if it can be).

Please note that this article is not written by WiRE but by a third party company. Whilst WiRE have made every effort to ensure that the information and details are accurate, we are unable to guarantee that they completely and WiRE are therefore unable to accept liability for any loss you may suffer as a result of omission or inaccuracy.

Allyson Cole runs IT Accessed Ltd (www.itaccessed.co.uk), an IT Management Specialist. Allyson is currently offering a special deal for WiRE members interested in her Virtual IT Director service.