Computer viruses are an ever-growing threat. The dreaded MS Blaster Worm hit millions of machines across the globe, catching many firms large and small unawares and costing them man-hours and money trying to rectify the problem. Simon Heron, Technical Director, Network Box UK (www.network-box.co.uk) explains how your business can keep itself safe.
As the Internet and email are vital tools for almost all businesses nowadays, it’s important they can be used safely and securely. You may have seen and heard a lot of stories about viruses, spam and other risks. This week alone has seen the nasty MSBlast worm infect thousands of computers. So how should you deal with these threats for your business?
To start with you need to take internet threats seriously, and analyse them as you would with any other business risk. There is good protection available for a reasonable cost, and some simple tactics can make a huge difference. Get things in proportion: if your whole business revolves around taking orders and credit card numbers from a website, you’ll need a different form of protection than a sole trader who does the accounts on a PC.
The points below cover some of the main areas to think about. As a bare minimum, you should have some anti-virus software, and consider some kind of “firewall” to protect your computer or network from external threats.
Pick passwords that aren’t obvious, with a mixture of letters and numbers. “xq34ght5” is much more secure than your girlfriend or boyfriend’s name, and is less likely to be guessed.
Don’t get caught out by hoaxes: visit www.vmyths.com before emailing your friends and customers and propagating the hoax.
If you use a Windows PC, be sure to use “Windows Update” to check for security updates.
For up-to-date news on the latest risks and viruses, visit www.cert.org. The information is fairly technical, but can help inform you of what’s around.
Spam (unsolicited email)
Never respond to spam. If the spammer has given you a valid return address you have just confirmed your email address, which could result in you receiving more spam. If not, you have just wasted your time.
Check that your email server cannot forward mail from outside your network: spammers will find a server that they can relay from within 12 hours, and a company can find itself on a blacklist after acting as a spam relay.
Viruses are generally spread in the attached files to an email, not the text of the email itself. Don’t open any attachment you feel unsure about.
Don’t open “executable” files – for example, these include files where the filenames end in “exe” or “scr”.
If you need to send or receive executables, ensure that you and your correspondents use a password-protected compressed file, created with a tool such as WinZip.
Do not believe an attachment comes from a colleague or friend just because the “from” address says it does. It could be faked, or a virus on their computer could have sent it automatically. If you’re not sure what it is, email back to confirm the attachment really is from them.
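The attachment rules above, as an added example that is not part of the original article: a Python sketch of a mail-gateway check that flags attachments whose final extension is “exe” or “scr”, including double extensions and trailing dots. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The two extensions the article names; extend the set to match your own policy.
BLOCKED_EXTENSIONS = {"exe", "scr"}


def risky_attachments(raw_bytes):
    """Return cleaned filenames of parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flagged = []
    for part in msg.walk():  # walk() also reaches nested and inline parts
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "a.exe." is saved as "a.exe".
        cleaned = name.strip().rstrip(". ")
        # Only the last extension decides how the file opens: "x.jpg.scr" is a .scr.
        ext = cleaned.rsplit(".", 1)[-1].lower() if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            flagged.append(cleaned)
    return flagged


def build_sample(names=("notes.txt", "holiday.jpg.scr", "Update.EXE.")):
    """Build a constructed test message (not real mail) with the given attachments."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    for name in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```

The check looks only at the filename, so it complements anti-virus scanning rather than replacing it.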
Worms are similar to viruses, and are programmes introduced onto your computer by an outsider. They can spread in different ways, so to reduce the risk you can:
Reduce the number of shared drives on your network to a minimum, by only sharing what you need to.
Ensure your firewall is correctly configured and that your anti-virus protection is up-to-date.
Consider adding an intrusion detection and prevention system, particularly if you have servers accessible by the public.
Remote workers should access a company’s network via a VPN (Virtual Private Network). This means any accesses to the network from outside the company are strictly controlled, and the data sent and received cannot be intercepted, read or even changed on the internet.
If you’ve got a wireless network or use a wireless connection when you’re out of the office, ensure the encryption (WEP) is switched on. WEP isn’t perfect, but will make you much more secure.
Security policies and management
Encourage a culture of internet security awareness in your staff. Pausing to think, for example before clicking on an emailed attachment, can make all the difference.
Put a security policy in place, so everyone knows what to do, and what not to do.
Consider content-filtering to control your staff’s use of the internet. By blocking access to specific websites, this will cut time wasted due to surfing, and reduce the risk of offensive material being downloaded and stored on your systems.
Think about how you’re going to keep all this up-to-date, and if you’ll have time. Would a managed service be more effective and cheaper?
Consider an integrated Internet security appliance that provides all your protection in one box, at the point where your network connects to the Internet.
If all else fails
Finally, back up regularly and have a disaster recovery policy in place. If the worst does happen and your IT systems become unusable, at least you’ll be able to recover quickly.