This month – security advice for IT users in the workplace. Words by Matt Ryan
How can you keep your internet use secure at work? What’s the best software? What’s the most secure device? The truth is that there’s no silver bullet on the market and those products which do come close are generally well beyond the budget of the SME’s that I typically work with.
And even huge enterprises that can afford ‘Best of Breed’ security solutions still get hacked; Sony, Google, Verisign, even RSA Security have all had their defenses breached in recent years. Google even reportedly fell prey to the Chinese Government using a well published vulnerability in an old version of Internet Explorer. Simply keeping their software up to date would have prevented the attack.
I’m going to assume that you all have your firewall turned on. And likewise that you’re all running some antivirus software. But there is more that you can do to protect yourself.
Weak or stolen credentials – Depending on who you talk to, weak or stolen credentials account for 70% – 80% of data security breaches. But it’s breathtakingly simple to avoid.
Change passwords regularly and enforce strong password policies across your business.
Change the default credentials on equipment like ADSL routers and Wi-Fi Access Points.
Never use a password that’s a name or is in the dictionary.
Change the network name on your Wi-Fi router and only use WPA2 / AES to secure the network (don’t panic Mr Mainwaring! They’re easily found in the security settings).
Don’t make paper or digital notes of your passwords. It’s astonishing how often I find passwords on a post-it note stuck to the monitor.
Ensure that your devices lock when left idle.
Software vulnerabilities – The next biggest culprit.
When that little flag pops up to tell you that a new version of your Operating System is available, don’t ignore it! The same goes for your web browser and any other software which connects to the internet.
Loss and Theft – We’ve all read about government and MOD officials leaving laptops and flash drives in the back of taxis. It needn’t be a disaster.
Good regular backups will soften the immediate impact.
Devices locked with strong passwords will be harder to access.
There are free apps available which will enable you to track and even wipe your missing device as soon as it connects to the internet.
Have a policy outlining what data you allow to leave company premises.
Social Engineering and User Behaviour – You wouldn’t give personal information, photos, the name of your school or employer etc. to a stranger in a cafe, why do it online? Most malware requires some level of user involvement in order to bypass antivirus software, often via spoof emails or websites. These might appear to come from an old school friend on social media for example. Teach yourself and your staff to be alert.
Don’t blindly hit the return key every time one of those irritating little boxes appears. If you don’t know what it is, don’t click it!
Don’t follow a link or open an attachment in an email if you don’t know what it is.
Know the name of your antivirus or security software. If doesn’t have the name of your antivirus software at the top of the window then it’s probably suspect.
Never put personal information in an email.
If you have received login credentials for a service via email, change them as soon as you login for the first time.
Avoid downloading free games, screen savers, media players etc.
Don’t install Java unless you actually need it.
Use an old laptop for downloading torrents etc. and scan files before transferring them to other devices.
Avoid open Wi-Fi networks. If you don’t need a password to use them then nor does anyone else. Just because the network is called “BT Safe Cloud” that doesn’t mean that there isn’t actually a hacker at the back of the cafe harvesting credit card details while you shop online. This is one of the few places where you shouldn’t even trust secure sites. I could write a whole book on hotspot hacking.
BACK UP regularly!
Matt Ryan is the Technical Director of Metranet Communications www.metranet.co.uk