In the good old days of Internet access, security seemed so easy: install virus protection and a firewall, don't download files from unknown sources, and your network should generally be safe. Unfortunately, as users have become smarter about security, the hackers have adapted as well.
In late 2005, Trojan Horses, which can damage files and open your systems to further attacks, began spreading among Windows users who had done nothing more than view photos online.
Other users found that simply playing certain Sony music CDs in their system had made them vulnerable to attack, due to digital rights management software installed on some music CDs.
Patch at your own risk
Being careful about how you solve security problems might be just as important as finding the problems in the first place. Third-party patches often promise quick fixes to urgent problems, but may come with their own security risks. Just last month, an unofficial open-source patch promised to fix a critical flaw in the Windows Meta File format, enabling anxious network administrators and savvy home users to fix the problem without having to wait for Microsoft to come up with an official patch.
In this case, the third-party patch worked just fine. But even the creator of the patch, Ilfak Guilfanov, recommends caution about third-party patches. In an interview with SecurityFocus, he warned, "As a general rule, they should not be applied. Can third parties be trusted? Do they have the testing resources of the vendor?" The unfortunate truth is that most of today's security questions don't have simple answers, and most crises still need to be resolved on a case-by-case basis. Nevertheless, following some proven principles can greatly reduce your risk.
Basic steps for better security
How can you keep your business network safe in light of these new and constantly changing threats? While accessing the Internet will always contain some element of risk, here are seven simple steps you can take to make surfing and communicating safer.
1. Update regularly.
It's not enough to install antivirus software - you need to update it at least weekly in order to be protected from the latest threats. Most antivirus applications will automatically check for updates when connected to the Internet, but you need to double-check your settings to make sure you select that option. In addition, don't forget to check for updates to your operating system and firewall. HP's personal computing security center gives you a one-stop location to check for updates to your antivirus, firewall, and operating system software, as well as providing helpful security information.
2. Can the spam.
Use a spam filter. Not only does sorting through junk e-mail lower productivity, it increases the chances that someone will accidentally click a link or download a file that will place an unwanted program on your network. If spam is a significant problem on your network, HP offers more tips and an online class on stopping spam.
3. Don't fall for the tricks.
In 2005, many people who knew better than to click on an e-mail attachment were tricked into downloading the Sober virus by the promise of free tickets to the 2006 World Cup or a free Paris Hilton video. No matter how appealing the offer may be, if you don't know the sender, don't open the attachment. If you think something might be a virus, you can always check the list of recent viruses at Symantec.
4. Protect against IM threats.
As instant messaging has become a more popular way to communicate with coworkers, it's also become a more popular way to spread worms. Security vendor IMlogic reported that IM threats rose 1500 percent last year, and in one instance, 10,000 desktops were made inoperative. Protect yourself by installing IM security software.
5. Always use strong passwords.
Whether on mobile devices or desktop PCs, use passwords whenever possible. You never know who'll try to use your system when you're not around - the night cleaning crew? The person who finds your lost iPAQ in a cab? Protect yourself with this most basic form of security.
6. Educate your staff.
Does your summer intern understand why she can't download music off a peer-to-peer network at work? Do your employees know what kind of surfing is acceptable during the lunch hour? Do they know they should never surf from the server? Every business should have a clear policy governing Internet access, e-mail, and IM. Enforce your policy and conduct periodic audits to make sure that people do not have rights or access they should not have. If you don't have the time or the staff to educate your employees, you might consider using one of HP's online security courses to alert your employees to the dangers lurking in the online world.
7. Create a mobile security policy.
Many security experts fear that the growing number of Internet-capable handheld devices may make them the next big target for hackers. Even though your business may not provide handheld devices, employees may be synching their handheld devices and introducing a threat to the corporate environment. For employees who sync their own Internet-capable handhelds with their work PCs, establish a company policy that encourages the use of passwords on these devices and regularly scan PCs for viruses that they might have caught from their mobile cousins.