Educate Employees On Data Security

Bad guys love your employees. Often the easiest way into a specific computer network is to get an "inside man" to help you. Not intentionally, of course, but it is still easy. Drop a few infected USB memory sticks in the parking lot, or maybe a CD labeled "pending layoffs," and they will likely be inserted into a PC by lunchtime. In fact, in 2006 a security company used this technique to successfully "penetrate" 75 PCs by handing out 100 "win a free vacation" CDs in London's financial district, despite a warning written on the front of the CD to check company security guidelines first. Attackers have also managed to submit new trojan software to magazines for inclusion on free CDs.

Educate Employees

Businesses should educate employees on computer "usage safety" by training them to recognize phishing messages, be suspicious of free software, and recognize when their PC is infected with a pest. Employees should learn to ignore "error messages" that are really popup ads and banner ads in their web browser, and know how to tell the difference between a popup ad and a legitimate error message.

Protect Systems

If your business does not have up-to-date antivirus software, you should probably stop reading and take care of that problem right now, since one or more viruses or pests have likely infected your network. Having up-to-date, automatically updating virus definitions is critical for catching known viruses and pests, but that does not always help against brand new ("zero day") exploits. PCs should also use a recent version of antivirus software, for example, the current version or perhaps one version prior. Security software older than that may not know how to check for the latest generation of threats, even though it will continue to update its virus definitions for viruses that it can find.

Firms can add a second line of defense by using an external spam and virus filtering service such as ITS Mail Guard to scan incoming mail for phishing messages and viruses. This type of service blocks or quarantines messages before they enter your office, before they are even seen by employees. ITS Mail Guard also saves Internet bandwidth and eliminates staff time spent sorting out spam.

On the software side, ITS recommends avoiding older browsers like Internet Explorer 6 altogether. Internet Explorer 7 is better, but Firefox is still a step above that for everything except, perhaps, PCs with Windows Vista, which run Internet Explorer in a more secure "isolation" mode. It is also important to keep "plug-in" software such as Adobe Flash, Adobe Acrobat Reader, and Apple QuickTime up to date, as malware authors have discovered they can use those ancillary programs to gain access to a system. As a result, Apple has patched QuickTime six times in the last seven months, fixing 11 vulnerabilities just this month. (Note: when downloading QuickTime, you do not need to download iTunes or Apple's Safari web browser, if prompted.)

April 2008
