Online Security for Business: User access threats
The biggest security threat to your company is you and your staff - not the internet.
The internet is merely a communications channel for data - it's how you manage that channel and that data that is important.
With computing, shared networking, and internet connections, it means that information can flow more easily between PCs.
But that also brings with it added security risks - it's easier for people to find your logins and try and force them, and opportunists will try and steal your passwords where they can.
Ultimately, it's not up to the internet or existing software to reactively protect you against every instance of a security threat - you need to take proactive action in the first place to minimise those threats.
This really needs underlining, because even the most sophisticated security equipment will not protect you as required if it is poorly used.
Ultimately, protecting your business can be as easy as using common sense and following very basic steps.
Here are a few basic tips on how to protect against these user access threats:
<ol>
<li>Don't use the passwords manager on Internet Explorer to save passwords. If your PC is infected with a trojan or virus, this is often one of the first places they check.</li>
<li>If you save your passwords to a file - a text or Word document - don't name it something obvious like "passwords". If an unauthorised user got into your PC, you want to make it hard for them to locate your passwords. .</li>
<li>Again, if you save passwords in a file, don't use the word "password" in such a file either. Otherwise an unauthorised user could simply use your computer's "search" facility for that word, and go straight to them. Simply use the initials "U" and "P" for "username" and "password" - that will be much harder to search out.</li>
<li>Only provide password information to people who need to use them - and if someone needs to use a password protected feature temporarily, then change the password afterwards. After all, you cannot be certain how well third-parties will protect your important security details.</li>
<li>Have different levels of passwords for different operations. For example, have a different password for accessing your e-mail, and a different password for accessing your website. That way, if someone somehow finds out one of your passwords, they cannot access all of your business operations.</li>
<li>Create really secure passwords by mixing up letters, numbers, and using upper and lower case, and even punctuation marks. Make passwords memorable by basing them on acronyms - ie, this is an article called "Online Security for Business: User access threats" and is written in 2006 - so an acronym from that could be: OS4Buat2006. That's a strong password, and it's much easier to remember as an acronym.</li>
<li>Don't install desktop search applications, even by reputable vendors such as Google or Yahoo!, as they will not only help you find information quickly, but will also be invaluable to a hacker looking for sensitive information on your computer system. Instead, keep your files organised on your PC so you don't need to resort to a desktop search tool in the first place.</li>
<li>Ensure you install anti-virus, a firewall, anti-spyware and anti-adware - and keep them up to date. This will make it far harder for anyone to access your machine without authorisation, The best of these software types will also keep checking the internet for updates.</li>
<li>You should ensure you make regular hard-copy back-ups of your computer data. And store them safely and securely, in a restricted place - such as a safe. You can make these backups to computer tape, DVD or CD media, or even just save everything to a USB stick at the end of the day.</li>
<li>Ensure you have off-site back-ups of all physical and electronic data essential to your business. In the event of catastrophic damage to your premises, you can at least restore basic business operations.</li> </ol>
<h2>Conclusion</h2>
You are never going to be clear of security risks - but you can certainly minimise them. Keeping a security-conscious office is neither expense nor time-consuming. Considering the costs of losing essential data and equipment, can it really be that hard?
About the Author
Brian Turner runs Security Watch, a site that keeps up to date with exploits and security discussions. He also runs the online security resources Trojan Library, Worm Library and Virus Library
Tell others about
this page:
Comments? Questions? Email Here