The Big 5 of Business Computer Protection.
Businesses rely heavily on computers and technology in today's fast paced business world, but a simple oversight in one of the 5 main areas of protection for your business could be very costly. The cost of computer downtime can be easily calculated and easily avoided with a proactive approach to your business network.
Here are the Primary Protection steps that we recommend that all businesses take:
- Operating System Protection
- Internet Protection
- Power Protection
- The Blue Screen of Death (BSOD)
- Wireless Protection
Operating systems (like Microsoft Windows) are the lifeblood of any computer network, but left unprotected, they can give malicious outsiders direct access to all of your company's private information.
Simple steps such as keeping your operating system updated and limiting who can make changes to the operating system configuration are critical steps in controlling your business technology at the base level.
| Recommendations: | Benefits: |
| Implement Active Directory | Windows based server networks can be much more readily maintained and secured by setting up Active Directory (AD). It allows for centralized control of updates, deploying software and setting of policies that follow the user around the network. |
| Lock Down Administrative Rights | Modifications made by a user to a workstation are among the most common causes of problems for businesses. By locking down access to items such as the Control Panel, the Run option or even the ability to install a program, you can control how your entire network evolves. |
The Internet has dramatically changed the way we do business, but left unchecked, can be the single biggest threat to your business network. A 2006 Inc.com article claims that employees waste almost two hours per day, on average in the workplace.
Security hardware and software such as anti-virus, anti-spyware, firewalls and content filtering are key components that allow a business to maintain a secure line between the outside world and internal data and control productivity loss from unfiltered Internet access.
| Recommendations: | Benefits: |
| Network-based Anti-Virus / Anti-Spyware Software | Consumer grade anti-virus / anti-spyware software is inadequate for a business as it lacks the administrative interfaces that make managing and updating protection across the network very inefficient. A business class software solution combined with Windows Active Directory (see above) allows administration of all of the security software on all computers from a single computer. |
| Business Class Routers / Firewalls | Business networks have much higher security, administrative and performance needs than the average home, so using an off the shelf consumer router will put your business network at risk. Remote access, Virtual Private Networks and other business related needs are also more securely addressed with business class hardware. |
| Centralized Content Filtering | Controlling what and where employees access information from the Internet will greatly improve security, control malicious infections and keep productivity losses to a minimum. A centralized system is much easier to manage and does not allow computer savvy users to disable software filters installed on the local machine. |
Data loss and equipment damage caused by inadequate power protection can be very costly. Both excessive power (surges) and lack of power (sags) can cause damage to components and data, but can be easily avoided.
Blackouts (total loss of power) while rare, can be very debilitating to a business, so protecting your most important computers with more than a power strip surge protector is essential.
| Recommendations: | Benefits: |
| Use Battery Backed Power Protection on all Computers | Surge protectors only provide you with 50% of the protection your computer needs. Battery Backed power protection will protect your computers from both surges and sags. Power sags generally go unnoticed but can be a leading cause of data corruption or data loss. |
| Install Auto-Shutdown Software on all Critical Systems | A Battery Backed power protection device will eventually shutdown when the battery runs out of power. By installing the monitoring software that comes with the unit, your computer will be properly shutdown (all files saved and closed) automatically, before the battery runs out of power. |
| Install True Uninterruptable Power Supplies on Servers | An Uninterruptible Power Supply (UPS) provides better constant delivery of power along with longer 'up times' during a blackout that is essential to critical Server based computers |
Protecting your company’s data needs to be addressed in two critical areas: Backup and Access Control.
It's estimated that 60% of businesses that lose all their data will shut down within 6 months of the disaster.
The biggest hidden data loss most companies suffer is from stolen or compromised data by an employee. Controlling how and where data can be accessed will greatly reduce employee based data compromises.
| Recommendations: | Benefits: |
| Centralize all Critical Company Data on a Server | If each user's computer contains mission critical data, the task of backing up and securing that data is very inefficient if not impossible. By storing all data critical to the operation of the company on a centralized server, both data backup and data security can be more efficiently managed. |
| Implement Daily Backups that include Redundancy and Off-Site Storage | Your backup procedures should be capable of protecting you from the most common forms of data loss; fire, flood, theft, equipment failure and employee sabotage. Having multiple copies (at least 3) of all your critical data, with at least one set being stored off-site is critical. Today's Internet based backup systems reduce human error and make off-site and redundant backups more automated. |
| Buy workstations without CD/DVD burners | Most businesses don't need to have CD/DVD burners at every station, but if you buy your workstations from a retail store, you have no choice. Either find vendors that will custom configure your workstations or disable the drives so employees can't make copies of company data at will. |
| Disable USB Ports | Today's flash based memory sticks are large enough to hold the entire contents of a company's database or accounting system with plenty of space to spare. By disabling the USB ports in the BIOS or through Windows Active Directory (see above), you can eliminate data loss via USB |
| Don't Buy Printers with Memory Card Readers | Many of today's consumer grade printers include memory card readers for convenience to digital camera users. In a business, this opens up another data transfer option for those with ill intent. |
| Encrypt Critical Data | Encryption is an electronic method to scramble your data that can only be accessed with the 'de-scrambler' (or encryption key). Encrypted data, if copied is useless in the hands of the thief without the encryption key. |
The convenience of wireless networking in a business can also open up a myriad of security holes if implemented incorrectly, so if in doubt; leave it out!
Your mobile users can also become victims when using public WiFi networks, unless their laptops are properly secured against the common exploits.
| Recommendations: | Benefits: |
| Enable Encryption on All Wireless Devices | Encryption of a wireless network will ensure that outsiders can't randomly and silently access your Internet connection or company network. |
| Disable The SSID Broadcast | The Service Set IDentifer (SSID) is by default broadcast like a radio signal, which can be picked up by anyone within range. By turning off the SSID broadcast, your wireless network will be invisible to outsiders and only accessible by those that know the SSID. |
| Install Firewall Software on Mobile Computers | Connecting to an unsecured public wireless network puts your laptop on a network with others that can access or monitor your activity. Activating a Firewall program will block access from other users on a wireless network. |
| Disable Access to Ad Hoc Networks | By default, Windows will allow wireless users to view connections to actual networks (Infrastructure) or other wireless computers (Ad Hoc). Malicious users can setup a computer to look like a Free wireless Internet connection, when in fact it's a trap. By disabling access to Ad Hoc networks, mobile users will never be fooled by this exploit. |
