Technology Corner
By Andrew Neal
An ounce of prevention
Recently all the major news services were running stories about a computer virus called the Conficker worm. It was reported that on April 1 this dangerous piece of malicious software would contact its creator, morph into a more dangerous form, and wreak havoc around the world. Fortunately, the threat was misunderstood by the media and overstated. April 1 came and went with no changes to the worm and no mass attack. The story quickly faded away, along with the public’s sense of threat and wariness.
While there was no widespread damage and the threat was easily blocked, this virus scare provides the perfect opportunity to make an important point. Organizations with an effective information security plan already in place have little to fear from malware like Conficker. They are also well protected from a host of other, more serious threats.
Every organization that relies on computers or digital technology for communications, processing data, or storing information should have an information security plan or program in place. In today’s business world, that means virtually everyone. Effective information security programs need not be complicated or expensive. Written policies and procedures published to your staff, a small investment in security hardware and software, regular training, and a regular review: this is the recipe for information security.
Written policies and procedures are where everything starts. Your policies should communicate that technology resources are intended for business use only. State your policies on password sharing (don’t) and employee monitoring (do). Prohibit the installation of software and the copying or erasure of any data without permission. Procedures should provide staff with written instructions. They should cover how and when to perform tasks like installing updates to Windows and other software (this is critical), reporting technical errors or problems, performing backups, and reporting policy violations.
Security hardware and software should be used to provide protection against malicious software and unauthorized access to your network. Costs can range from free to $60 or $70 a year per user. Make sure whatever you use is updated regularly; don’t let your subscriptions lapse. Also, verify that the security features are active on any wireless equipment you use.
Regular training is a vital component of any security program. Make sure your staff is aware of the risks and consequences of misusing computer resources. Show everyone how to verify their anti-virus is up-to-date, and how to spot a phishing email. There are many great training resources available on the web.
Finally, review your program. Regularly update your policy and procedures, upgrade your protection products, and verify your training. Check to see if anything in your business has changed since you wrote the plan, and make sure your security plan is being followed.
Information security is not difficult, but it does require a plan. With a proper plan in place, reaction to the latest threat in the media will not be necessary at all. Feel free to contact me if you would like more information on creating an information security plan for your organization.
Technology Corner is a regular feature of Managing Security Today. To suggest topics or ask a specific question, contact Andrew Neal at (915) 544-2034 or e-mail ANeal@SouthwestDigitalLab.com.