Information Security – Is Your Network Safe?

Information security is a number one priority for all companies; however, the process of keeping financial, employee and other data safe is not without its challenges. There are three things every business should know to reduce its chances of becoming another network security statistic.

1. Our employees are your biggest asset, but also your biggest risk.
Websense, a web and email filtering company, indicates that 80% of all security breach incidents occur from within an organization. This conjures up an image of the bitter employee sitting in a back room creating a sinister plot or virus to bring the company’s operations to a grinding halt. While this certainly does happen, most often it is the seemingly innocent daily actions of employees that may put a company at risk. Consider the email with an attachment that is opened, launching a company-wide virus within minutes. Or perhaps employees who are web surfing on sites that are not reputable. Maybe your sales manager brings a proposal home for the weekend on a CD or floppy disk, works on it using a home computer that has a virus, and brings it back to the office on Monday to add finishing touches. What about that sticky note with a user name and password on an employee’s computer screen?

It is necessary to create a company culture of vigilance. The first step is awareness. Educate employees about the risks. Instruct them not to open emails and/or attachments from unknown sources. Reduce non-business web surfing by implementing ‘acceptable use’ policies and reinforce them.

2. There is no foolproof method to ensure total security without unplugging your connection to the internet.
Given the frequency with which new viruses are introduced, it seems impossible to keep up 100%. Here are some recent statistics from Websense that show the severity of web threats:
• 85.6 percent of all unwanted emails in circulation contained links to spam sites and/or malicious web sites
• 77 percent of web sites with malicious code are compromised, legitimate sites
• 95 percent of the of user-generated comments to blogs, chat rooms, and message boards are spam or malicious
So what can you do? The important thing is to have a plan in place for dealing with them. See CorporateMail Security* for a solution to blocking 99.7% of email-borne threats.

3. Back to the basics: what every small business should have for a more secure network.
• Passwords that change on a regular basis and are not intuitive.
The National Cyber Security Alliance recommends using hard-to-guess passwords that are at least eight characters long and mix upper and lower case letters with numbers. Don’t share your password with anyone and change it at least every 90 days.
• Up-to-date anti-virus software on all workstations and servers.
Since new viruses are created every day, it is essential to have anti-virus software that can be updated regularly to protect against the latest threats, preferably automatically updated to every workstation from your server.
• Firewall with strong traffic policies to prohibit and allow communication.
Firewalls provide protection between your computer and the world. They filter and block potentially dangerous and unauthorized data from the internet and also let ‘good’ data reach your computer. There are two types of firewalls: software and hardware. Software firewalls run on individual computers while hardware firewalls protect several computers at once. The size and needs of your company determines whether you choose one or both.
• Email anti-virus and spam filters.
Using filters to intercept email viruses and spam is an important way to protect your network. There are two types of email viruses: those that are enabled when opening an email attachment (i.e. the LoveLetter virus in 2000) and those that run automatically regardless of an attachment (such as the Nimda virus).
An email anti-virus filter will catch incoming messages that contain viruses and stop them in their tracks. Typically you will receive an email notification to let you know that a virus was detected and quarantined.

Spam is one of the biggest wastes of space and time ever invented. It’s not enough that we receive junk mail in our physical mailboxes, now our email inboxes are flooded, too. Spam is inundating the internet with many copies of the same message in an attempt to force the message on people who would otherwise not choose to receive it. A spam filter separates unsolicited emails from those that are legitimate, placing the unsolicited messages in a separate folder. There is always the risk that the filter may block messages that are legitimate, so it is essential to review the messages in the spam folder from time to time. Most spam filters permit you to specify which emails you want to receive in your inbox based on a list of email addresses that you specify, often called a ‘white list’. For more information about anti-spam and email antivirus, see the CorporateMail Security* webpage.

• Anti-Spyware Technology
Spyware, as defined by CRMtech.com, is “any technology that aids in gathering information about a person or organization without their knowledge. On the internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone’s computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.” It basically gives advertisers information about your web surfing habits so they can target you for particular products. Anti-spyware is software or technology that disables spyware so you can regain your privacy.
While no one can guarantee complete protection from network security breaches, it is critical to be proactive and have contingency plans in place. One of the more popular approaches to putting the right network security functions in place is outsourcing this function to professionals. According to Jennifer Mears in an article that appeared in Network World, “the outsourced IT professionals help you save time, give you access to reports and audits, as well as expertise that may not be available in-house. Bringing in the experts may be just what you need to get a jumpstart on the security of your network.”

V2 services is a Curaçao based IT consulting company.
The company is focused on offering a variety of IT consulting
services to small and medium size businesses.

*www.corpcomputerservices.com/services/mailsecurity