Computing has become more mobile, more available and ever more global, which has brought increased benefits for companies and their employees. But with these benefits come greater threats that companies must guard against. Failure to do so can cause great damage to your company and you need to consider what you must do and how you do it.
- Above all else, have a security policy. Don’t just ignore the threats and hope they’ll go away because they won’t. If you do nothing, you will eventually suffer, so it’s essential to have a policy that you apply, evaluate constantly and keep up-to-date.
- Install anti-virus and anti-malware software to prevent attacks. These need to be installed on all computers, whether connected to the company network or standalone and whether they access the internet or not. Although most viruses and malware come over the internet, they can also be picked up from any file transferred to a PC.
- Keep updated. It’s not just a question of installing anti-virus and anti-malware software and then forgetting them, because threats change constantly. You need to update frequently so you are always protected against the latest threats.
- Scan thoroughly. When anti-virus and anti-malware software are installed, ensure the protection levels are set correctly. It is particularly important to scan all received emails, anything that is downloaded from the internet and files copied in from other sources. You should also run a periodic scan, say once a week, of everything on your hard disks to make sure nothing has got through the defenses.
- No matter what security policies you set up, the human element is often the weakest link. Security breaches commonly result from employees doing something that they shouldn’t or not doing something that they should do. It is important, therefore, that all users are aware of the hazards and their responsibilities. Emphasize that they should not open email attachments from unknown sources, download files from unfamiliar sites or undertake other irresponsible actions.
- Beware of employee discontent. One of the biggest threats to companies generally comes from within, often from employees who are unhappy for some reason and seek some form of revenge by malicious means. You should restrict employees’ ability to update data for which they have no responsibility and to copy data to external devices.
- Secure remote data. There is an increasing tendency for employees to work remotely, with mobile devices containing confidential information. These devices are easily lost and it is important that they are secured by password and that the data is encrypted.
- Social networking is used by many to make contacts and disseminate information. It is also increasingly the target of attacks and scammers. Whilst it may not be possible to ban the use of social networks entirely within the company, at least educate your users in the need to avoid posting private information.
- Although Microsoft Windows has often been the main target for security threats, this has largely been due to it being the biggest target. Many users have switched to other operating systems, such as Linux, in the belief that they are more secure. However, as their use increases, so will the level of threats and you need to be equally vigilant if you change.
- Many more devices are being used to access computer systems and, though your main network may have adequate security protection, all these devices may not. You must, therefore, restrict access from devices that are not secure.