By Harry S. Dennis, III for BizTimes Media
Imagine that someone hacked into your customer database and stole sensitive information, including credit card numbers. The consequences would be enormous and could include legal costs, lost productivity and damage to your reputation.
My thanks to Mike Foster, Vistage/TEC speaker from The Foster Institute, for his insights about IT security and his five strategies that can reduce the threat or vulnerability of your firm to a serious breach.
1. Work station currency
Unexpectedly, all of your work stations can simultaneously be attacked by the same virus, worm, malware or spyware. Everything shuts down.
It happened to us at TEC. Thankfully, our outside computer consultant was able to quickly respond and fix the problem.
Here are questions to ask your IT pro:
Are you current with Microsoft “important updates,” “software optional updates,” and “hardware optional updates?”
Do you use Windows Server Update Services (WSUS), which automatically deploys updates to all your work stations? The patches can be deployed one at a time to make sure they don’t interfere with any applications you are running.
What about your personal computer? Go to Microsoft.com and select “Security and updates.” Never respond to any unsolicited pop-up offering updates, since these may be malware.
Today’s hackers attack applications as well as operating systems. When was the last time you or your IT professional installed patches to your Adobe Acrobat Reader?
2. Anti-virus/anti-spyware
How about this situation? You go to your bank’s website and enter your username and password. Unknowingly, you have spyware on your system. Every keystroke is now in the hands of hackers.
To prevent this from happening, ask your IT pros if they’re using a centralized anti-virus/anti-spyware tool and updating it – get this – several times a day.
You should also scan each work station and your primary server daily because anti-spyware won’t always detect malicious spyware when it initially shows up. Some malware actually mutates to avoid detection. You might not catch it until after it penetrates your hard drive.
The most important tactic your IT team can use is to immunize work stations and make it harder for spyware to grab hold upon initial penetration. Symantec/Norton, McAfee, Trend Micro, and Microsoft’s free Security Essentials all offer satisfactory protection. Let your IT pro make the call on this.
3. Firewall networks and work stations
Without getting into great detail, every work station needs its own firewall. This is because viruses and other spyware intruders can penetrate networks via a CD, USB memory stick, or laptop that an employee is using outside of work.
That’s why your network needs one or more hardware firewalls and each work station needs its own software firewall. Windows XP has a simple firewall, and Windows 7 has a better one if properly configured. The main point here is that ignoring the protection that firewalls offer is simply bad business, and a costly one.
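The questions in strategies 1 and 3 above can be answered from the work station itself. The script below is an added example, not code from the column or from The Foster Institute: it assumes a Windows 7 or later machine with PowerShell 3.0 or newer and an elevated session, and it only reads state (pending Microsoft updates, whether a WSUS server is assigned by policy, the firewall state of each profile, and the installed Adobe Reader version). It installs and changes nothing.

```powershell
# Added example (not from the column): read-only hygiene check for one
# Windows work station. Assumes Windows 7+, PowerShell 3.0+, run elevated.

function Get-PendingUpdates {
    # Windows Update Agent COM API: lists updates that are not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Type='Software' leaves out driver updates, which are reviewed separately.
    $result   = $searcher.Search("IsInstalled=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title    = $u.Title
            # MsrcSeverity is empty for updates that are not security fixes.
            Severity = $(if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' })
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        }
    }
}

function Get-UpdateSource {
    # Group Policy writes the WSUS server name under this key when updates
    # are deployed centrally; if it is absent the machine pulls from Microsoft.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($wu -and $wu.WUServer) { "WSUS: $($wu.WUServer)" }
    else { 'Microsoft Update directly (no WSUS policy applied)' }
}

function Get-FirewallProfileState {
    # netsh is used rather than Get-NetFirewallProfile so this also works on
    # Windows 7. Output has "<Name> Profile Settings:" headers followed by
    # a "State ON|OFF" line for each profile.
    $fwProfile = $null
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings:') { $fwProfile = $Matches[1] }
        elseif ($fwProfile -and $line -match '^State\s+(ON|OFF)') {
            [pscustomobject]@{ Profile = $fwProfile; Enabled = ($Matches[1] -eq 'ON') }
        }
    }
}

function Get-AdobeReaderVersion {
    # Installed-programs registry view; both 32-bit and 64-bit uninstall keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Adobe (Acrobat )?Reader' } |
        Select-Object DisplayName, DisplayVersion -First 1
}

# --- Report ---
$pending = @(Get-PendingUpdates)
"Update source   : $(Get-UpdateSource)"
"Pending updates : $($pending.Count)"
# Critical/Important are the Microsoft security ratings the IT pro should
# be asked about first.
$pending | Where-Object { $_.Severity -match '^(Critical|Important)$' } |
    Format-Table -AutoSize

foreach ($fw in Get-FirewallProfileState) {
    $flag = if ($fw.Enabled) { 'ON' } else { 'OFF  <-- this profile has no firewall' }
    "Firewall {0,-8}: {1}" -f $fw.Profile, $flag
}

$reader = Get-AdobeReaderVersion
if ($reader) { "Adobe Reader    : $($reader.DisplayName) $($reader.DisplayVersion)" }
else         { "Adobe Reader    : not installed" }
```

Run it on a sample of work stations rather than one: a single clean machine says little about whether WSUS is actually reaching the rest of the office, and a firewall profile showing OFF on a laptop is exactly the case the strategy above warns about.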
4. Password policies and procedures
Do you have an informal “sticky-note” password practice in your business? It’s easy to spot. Employees attach little sticky notes that serve as cheat sheets for log-ins and passwords onto monitors or cubicle corners.
Worse yet, is there a PW list that floats around the office, virtually accessible to anyone within reach? Or a list on your work stations that outlines PWs and their application or ownership?
It may seem harmless on the surface, but putting that information in the wrong hands can be catastrophic. Customers, vendors, disgruntled employees and contract cleaning workers can share the information with others who have no legitimate need to know.
The solution? Have mandatory restrictions on how passwords are used and insist that employees change passwords every 90 days. Your IT pro can build in these requirements and specify the desired length of passwords (at least eight characters recommended).
Yes, it makes the employee’s life more difficult, but it may prevent a crash or spyware intrusion with far more costly consequences for the company and its users.
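Whether the requirements above have actually been "built in" can be checked rather than taken on faith. The script below is an added example, not code from the column or from The Foster Institute: it assumes an elevated PowerShell session, uses the ActiveDirectory module to read the default domain policy when that module is installed, and otherwise reads the local security policy that secedit exports. It compares the result against the floor the column gives (at least eight characters, change every 90 days) plus two settings the column does not mention but that belong on the same checklist: complexity and account lockout. It changes nothing.

```powershell
# Added example (not from the column): audit the effective password policy
# against the column's floor. Assumes an elevated session. Read-only.

$RequiredMinLength  = 8    # "at least eight characters"
$RequiredMaxAgeDays = 90   # "change passwords every 90 days"

function Get-LocalPasswordPolicy {
    # secedit writes the [System Access] settings to an INF file we parse.
    $inf = Join-Path $env:TEMP ("secpol-{0}.inf" -f $PID)
    secedit /export /cfg $inf /areas SECURITYPOLICY /quiet | Out-Null
    $lines = Get-Content -Path $inf
    Remove-Item -Path $inf -ErrorAction SilentlyContinue

    # Pull one integer out of the export by key name; -1 means "never".
    function Read-Setting([string]$Name) {
        $m = $lines | Select-String -Pattern ("^{0}\s*=\s*(-?\d+)" -f $Name) |
             Select-Object -First 1
        if ($m) { [int]$m.Matches[0].Groups[1].Value } else { $null }
    }
    [pscustomobject]@{
        Source           = 'Local security policy'
        MinLength        = Read-Setting 'MinimumPasswordLength'
        MaxAgeDays       = Read-Setting 'MaximumPasswordAge'
        ComplexityOn     = (Read-Setting 'PasswordComplexity') -eq 1
        HistoryCount     = Read-Setting 'PasswordHistorySize'
        LockoutThreshold = Read-Setting 'LockoutBadCount'
    }
}

function Get-DomainPasswordPolicy {
    # Returns $null when the RSAT module is missing or the machine is not
    # joined to a domain, so the caller can fall back to the local policy.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) { return $null }
    try {
        Import-Module ActiveDirectory -ErrorAction Stop
        $p = Get-ADDefaultDomainPasswordPolicy -ErrorAction Stop
    } catch { return $null }
    [pscustomobject]@{
        Source           = 'Default domain policy'
        MinLength        = $p.MinPasswordLength
        MaxAgeDays       = [int]$p.MaxPasswordAge.TotalDays
        ComplexityOn     = $p.ComplexityEnabled
        HistoryCount     = $p.PasswordHistoryCount
        LockoutThreshold = $p.LockoutThreshold
    }
}

function Test-PasswordPolicy($Policy) {
    $findings = @()
    if ($Policy.MinLength -lt $RequiredMinLength) {
        $findings += "Minimum length is $($Policy.MinLength); at least $RequiredMinLength is recommended."
    }
    # $null, 0 and -1 all mean passwords never expire.
    if ($null -eq $Policy.MaxAgeDays -or $Policy.MaxAgeDays -le 0 -or
        $Policy.MaxAgeDays -gt $RequiredMaxAgeDays) {
        $findings += "Passwords are not forced to change within $RequiredMaxAgeDays days (current: $($Policy.MaxAgeDays))."
    }
    if (-not $Policy.ComplexityOn) {
        $findings += "Complexity requirements are off; eight-character passwords can then be trivial."
    }
    if ($Policy.LockoutThreshold -eq 0) {
        $findings += "No account lockout threshold: unlimited wrong guesses are tolerated."
    }
    $findings
}

$policy = Get-DomainPasswordPolicy
if (-not $policy) { $policy = Get-LocalPasswordPolicy }
$policy | Format-List

$findings = @(Test-PasswordPolicy $policy)
if ($findings.Count -eq 0) { "Password policy meets the recommended floor." }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

The domain policy is the one that matters on a domain-joined network; the local export is what a stand-alone machine or a home PC actually enforces, which is why the script checks both paths.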
5. Lock your server room
This sounds like an afterthought, but the last thing you need is a hacker who breaks into your server and hacks into your system before you’re aware of what has happened.
These simple steps usually suffice: locking the door with limited access via a keypad entry system, using a wall air conditioner to keep the room cool, mounting the door hinges on the inside, and replacing suspended ceilings with impenetrable fireproof structures.
Better safe than sorry (and miserable)
We may as well expect tighter regulations that protect business stakeholder privacy. The failure to take adequate protective IT measures can result in severe business penalties, embarrassment and unforeseen financial liability.
The time to act is now, before it happens. Until next month, make sure you’re IT secure.