Information Security Hot Tips for PC’s & Small Business
November 14, 2009
Posted by Kelly Brady in: Information Security, Small Business Technology
In my experience, most information security breaches are not caused by lack of elaborate, expensive security software, hardware and consultants. More often than not, they are caused by a simple failure to create and maintain a basic (and nearly free) security foundation.
Get the latest software patches
Always download the latest critical and security-related updates from Microsoft, Apple, Firefox, Adobe, etc., and seek updates for the other major applications you use.
Use a (Commercial) Anti-Virus Solution
Use a commercial anti-virus solution and make sure it is receiving daily updates (I just don’t trust freebies). Make sure it is performing real-time scanning and periodic full PC/hard drive scanning. Many business editions of commercial anti-virus products allow employees to run a free copy of the product at home.
Separate Physical Firewall
Add a layer of defense with a separate physical firewall in addition to your PC’s built-in firewall. Example brands: Linksys, Netgear, Sonicwall (for small businesses). For most businesses, a $79 Linksys or Netgear router/firewall is really not sufficient, but still better than nothing.
Test your firewall for free
Visit GRC’s website and find ShieldsUP!, a fast, free service that will perform some basic firewall tests from the outside world…see what a hacker sees.
Encrypt Sensitive and Portable Data
Encrypt sensitive data on laptops and portable/USB drives. Look into PGP, McAfee SafeBoot, Check Point. Also look at BitLocker/BitLocker To Go, which comes with Vista & Windows 7 Ultimate & Enterprise editions.
Don’t Warn Your Friends!
Don’t warn your friends about a “particularly dangerous” virus that they need to be careful about. They should always be vigilant. If you feel the need to do this, you are probably a victim of a virus hoax and are propagating it! Thousands of new viruses and hoaxes come out each month…your friends don’t want to receive an email from you about each one.
Phishing and Email-based Trickery
Avoid “phishing attempts” and other email-based exploits; antivirus and firewalls may not protect you.
- Be suspicious of urgent emails requesting personal information
- Don’t click on links or fill in forms found in an email. Type the company’s known web address directly into the web browser
- Don’t open or click on email attachments; if you are sure they are legit, save them to your computer first and scan them with your antivirus software before opening
- Microsoft (and other companies) will not send you an “important patch” via email. Delete these messages.
Seriously, Don’t Use Weak Passwords
Don’t use weak passwords – you’d be surprised how easy they are to guess or crack (remember Sarah Palin’s Yahoo Account?)
- Don’t write passwords on Post-it notes
- Don’t use the word “password” as your password
- Don’t use a word from the dictionary
- Create long, complex passwords that include some mix of upper & lowercase letters, numbers & symbols
- Have nothing in your password that can be found out about you on Facebook, LinkedIn, MySpace etc.
- The best password is somewhat random but easy to remember. Example: 4phun*CALLme
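The rules in the list above can be checked mechanically. The following Python checker is an added example, not part of the original post; the 12-character minimum, the small word list and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}

# Common look-alike substitutions that are undone before the dictionary check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumption: the post says "long" without giving a number


def check_password(password, personal_facts=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks; empty means all passed."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # Mix of upper & lowercase letters, numbers & symbols.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing character class")

    # A dictionary word is still a dictionary word after padding it with
    # digits or symbols and swapping letters for look-alikes.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered).translate(LEET)
    if core in words:
        problems.append("dictionary word")

    # Nothing that can be found out about you on social sites.
    # personal_facts is a hypothetical list the user supplies (pet, town, ...).
    if any(len(f) >= 3 and f.lower() in lowered for f in personal_facts):
        problems.append("contains personal fact")

    return problems


if __name__ == "__main__":
    for candidate in ["4phun*CALLme", "P@ssw0rd!2009", "password"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

A password such as P@ssw0rd!2009 satisfies the length and character-mix rules yet is still rejected, because removing the padding and substitutions leaves a dictionary word.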
Actively Test Your Security
How do you know you are secure, if you don’t test your security in some way? There are lots of tools out there; many are free. A good one for small businesses is the Microsoft Baseline Security Analyzer (MBSA 2.1). There are also more comprehensive services out there, such as the Qualys vulnerability scanning service. These services can be pricy, but most will perform an initial or basic test for free as an incentive to sign up for their service.
Have “offline” backups of critical information
If you compute long enough, you will probably have a virus, malware or system failure that will cause loss of data. There just isn’t any excuse for not making copies of important information. Keep it offline – on a powered-off hard drive, DVD-R, USB etc. so that it is protected from an outbreak.