
There is an enormous amount of information available on I.T. security. A lot of it is dry and technical; some of it is misleading. But what should I.T. security mean to you, the owner of a small business?
Your computer network bears some similarities to the building that houses your business.

It contains assets you want to protect.

It’s vulnerable to a number of threats.

It has entry points to let authorised people in and out.

For a physical building, the threats and controls are generally well understood. Threats like burglary, vandalism, and fire are controlled by locks, alarm systems, and security patrols.

The threats faced by your computer network are not as obvious, but they are just as destructive. Your network can be broken into, and data stolen or deleted, but did you know that once compromised it can then be used as a base by the attacker to (anonymously) launch attacks on other networks? Guess who law enforcement will be interested in if an investigation results?

There are a multitude of other threats out there, but the purpose of this missive is to educate rather than frighten. So with that in mind, here are a few good simple tips to help you keep your computer systems safe.

  1. Use strong passwords that have at least one number and symbol, and contain a mix of upper and lowercase letters.
  2. NEVER use your network/login password on external sites such as Hotmail.
  3. Change your password regularly, at least every 90 days.
  4. Do not share your password with anyone. This includes co-workers and IT support personnel. Your password is your “key”. Protect it like you would your house keys.
  5. Employ a strategy of “Defence-in-Depth” on your systems. For example, a firewall to protect your network connection, a defined patching strategy to keep your workstations and servers secure, and a monitored and automatically updated anti-virus product to catch things missed by the first two.
  6. Generic user accounts on networks are evil. Find alternatives. For a reason why, re-read point 4.
  7. Be suspicious of attachments arriving in email, even if they’re from a name you recognise and weren’t flagged by your anti-virus software.
  8. Never allow “foreign” computers to connect to your internal network. By foreign, I’m talking about employees’ personal machines or laptops brought in by consultants or sales people. If your business dictates that these computers must be used, set up a dedicated and isolated network for them.
  9. If you must use Wi-Fi, then ensure that you are using strong authentication and encryption mechanisms. Note that WEP is NOT one of these! If you choose WPA-PSK, then use a long key, and change it regularly.
  10. Protect your laptop like you would your wallet. If you use your browser’s ability to store usernames and passwords, then seriously consider using full disk encryption and re-read point 1 above. Twice.