Re-visiting Information Technology security
In this age of internet dependency, security continues to be an area of concern for any IT user – whether home or business. Here are some simple and quick steps that should provide peace of mind and confidence that your device and personal data are safe. By devices, I mean computers, laptops, tablets and smartphones.
Firstly, ensure that your device updates are not ignored. They often include security patches that will ensure your hardware remains current and safe. These can be time consuming, and costly if you are on a restricted internet data bundle service, but the cost of repairs or replacement is much higher – let alone the cost of lost critical data. Likewise, ensure that you have an anti-virus solution that is constantly kept up to date. Personal users running Windows 7 or later will have a free anti-virus option available from Microsoft. In Windows 7, this was Microsoft Security Essentials. This has now been updated to Windows Defender and comes bundled with Windows 8 or 10. This anti-virus protection will suffice for personal users, as long as they are aware of and avoid any high-risk online or email activity. Anti-virus solutions cannot automatically block unsafe user activity. Corporates need to consider a corporate solution.
Most companies, by now, should have a clear IT user policy – defining clearly what users can and cannot do on the corporate network. If a user undermines these policies in any way, your company data is no longer secure. Companies need to take a strong stand against such users, and they must suffer the consequences of their actions. I have seen numerous examples of users disabling anti-virus and internet filtering protection so that their machine runs faster, or to allow access to unsafe websites. Firstly, this means the IT support team has not configured this protection correctly – thus enabling users to amend company security policies. Secondly, the risk to the company of these deliberate actions is very real.
Do you have an established password policy? Does it include server and wireless authentication procedures? Is it established policy that once an employee leaves the company, their account is immediately deleted and all known system access passwords changed? When was the last time you changed your server password? Changing passwords across an organisation can be a headache, but the potential security risks can and do cripple companies. Allocated passwords should be strong – there is plenty of advice online on how to achieve this. Ensure passwords are changed every 30 to 60 days without fail. On wireless networks – never offer open wireless. If you are a company that offers wireless to your visiting clients (hotels being an example), ensure that your password is made available only by one of your staff, and change it weekly, if not daily. I regularly hear about company wireless passwords being offered for sale at low prices in the cities.
If storing business critical data on personal devices or servers, consider encryption of your disks – not only servers and devices, but also your external flash or backup drives. Windows makes BitLocker Drive Encryption available in its latest OS. This ensures that no one but the user can access the files stored on these devices.
Two other simple actions for all types of users. Set your device up to lock after a period of inactivity, and require a password to log back in. My recommendation would be 30 minutes – but I always lock my computer when leaving my office. Make sure you also do this on your mobile phone. Nowadays, a mobile phone gives always-on access to your emails, contacts, and social networks to anyone who gets hold of it.
And more importantly, get rid of any paper documents. Shred or burn anything that may cause damage in the wrong hands. Set a policy that all company or confidential data is retained in digital form. The age of paper has gone – you will also save a few trees.