Security 101 Continued - Best Practices
Best Practices
Once again, touching upon basic principles,
we will outline 10 important steps which will aid in
decreasing your company's chance of being compromised
and also reduce unexpected and unwanted expenditures.
This is not to say these are the only steps to be taken
but, if any of these steps are not being implemented
in the workplace or home environment, you must employ
them as soon as possible. Also, if you have not done
so already, please review our previous articles, 'Where
do I start?', 'Going Online' and 'A Pro-Active Stance'.
Disaster Waiting to Happen
There may be no asset more valued to small business
and home office users than their company and customer
data. Protecting your data from compromise, theft or
loss must be of primary concern. Imagine the consequences
to your business if you should lose critical data due
to a particularly destructive virus or other form of
attack; the loss could prove to be financially devastating.
For that very reason, every company and user must implement
and follow a basic security policy. Use the following
steps as a guideline to secure your assets from potential
disaster. Also, you may be interested in reading this
article by Fred Langa - How
Much Protection Is Enough?
The 10 Steps
- Software Security Updates and Patches:
Major software companies generally release updates
and patches to their software periodically in response
to security and usability issues. You should check
your software vendors' web sites on a regular basis
for new security patches or use the automated patching
features that some software companies provide. If
you are using a Microsoft Windows operating system
you should check the Windows
Update site on a regular basis and/or enable
the Automatic Update feature provided with more
recent releases of the various Windows operating
systems. According to FBI statistics, 90% of security
breaches involve known software vulnerabilities
where updates and patches were available but never
deployed. Frankly, we find this behavior, on the
part of companies and users, to be irresponsible
and inexcusable. Don't be a victim or a contributor
to this growing problem; update often! More on Understanding
Patches.
- Antivirus: Designed to protect your network
and your computers against known viruses, antivirus
software is a must. Keep in mind, the fact that
you have antivirus software installed is not enough
to ensure your protection. New viruses appear daily
and antivirus programs need regular updates to recognize
these emerging threats. Failing to regularly update
your software will quickly render it ineffective.
All credible antivirus software includes an automatic
update option; enabling this option is strongly
suggested. More on Antivirus Software.
- Firewall: Firewalls are a protective
barrier between your computer and the outside world.
They generally come in two forms, software firewalls
and hardware firewalls. A good firewall will filter
unauthorized and potentially dangerous data from
the Internet while still allowing legitimate data
to reach your computer and should block unauthorized
data coming from your computer. These days,
whether you connect to the internet via dial-up
or broadband, you should always have a functioning
firewall. RSS Technologies
recommends Zone Alarm
(they also provide a free version for home users).
We also recommend a multiple-layer defense. For
example, if you are using a broadband connection
you should use a router/gateway with a built-in
firewall and also run a software firewall on all
individual machines within your local network. Keep
intruders out! More on Understanding
Firewalls.
- Password: As a rule, passwords should always
be at least 8 characters long and consist of some
combination of all of the following: numbers, uppercase
letters, lowercase letters and special characters.
They should be random and hard to guess. Change
passwords regularly, at least every 90 days. Never
share passwords with unauthorized persons. More
reading: Choosing
and Protecting Passwords and How
To Build Better Passwords.
- Email: Email continues to be a major source
for the distribution of attacks. Many email-borne
attacks can be avoided with a little common sense
and user awareness. Microsoft has some informative
articles here.
As a standard practice you should never open mail
from unknown sources and never, never open attachments
unless you are absolutely sure of the sender
and the reasons they have sent the specific files.
If possible, you should set your email program to
read all messages in plain text, turn off message
previewing and set your security settings to 'Restricted
Site Zone'. Learn about and beware of phishing
attempts and never purchase merchandise from unsolicited
email, known as spam. You should be running antivirus
software on your email server or be certain your
ISP (mail provider) does the same. It is
best to stop threats before they even reach your
machine or network.
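As an added illustration of the Email step (this code is not part of the original article), the Python sketch below reads a message in plain text only and lists attachments by name without ever decoding or opening them. The sample message, the `triage` function and the `RISKY_EXT` extension list are assumptions constructed for this example.

```python
import os
from email import message_from_string, policy

# Constructed sample (not real mail): plain-text and HTML bodies plus one attachment.
SAMPLE = """\
From: billing@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: multipart/alternative; boundary="b2"

--b2
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice.
--b2
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://example.net/login">Click here</a></body></html>
--b2--
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

# Assumption: illustrative, non-exhaustive list of executable/script extensions.
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".js", ".vbs"}

def triage(raw):
    """Return sender, plain-text body and attachment names; never decode payloads."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))  # ignore the HTML alternative
    text = body.get_content().strip() if body else "[no plain-text part]"
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = os.path.splitext(name)[1].lower()
        attachments.append({"name": name, "risky": ext in RISKY_EXT,
                            "double_ext": name.count(".") > 1})
    return {"from": str(msg["From"]), "text": text, "attachments": attachments}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The double extension (`invoice.pdf.exe`) is flagged separately because a mail client that hides known extensions would display the file as a PDF.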
If you have any questions that need immediate resolution, please
feel free to contact us via email
or use our online form.