IT SECURITY: Resolutions for 2007

Jan 1, 2007 12:00 PM

The new year has come in a hacker-prone era rife with data theft, historically high levels of SPAM, and increasingly innovative computer fraud. IT security managers should resolve to combat these attacks in 2007.

“It doesn't take very long at all to enhance the security of a computer or its network,” says Andrew Greenawalt, founder of Perimeter eSecurity, Milford, Conn. “Whether you have a small business network or a vast business enterprise, these seven steps are imperatives to optimize your eSecurity (this year).”

1. CHANGE EVERY PASSWORD YOU CAN FIND. Every online commerce site visited, every computer, and any other password-protected device or Web site will be security enhanced with this simple, time-efficient move. Avoid easily discovered passwords such as names or numeric series such as 98765. Resolve to change your passwords at least quarterly in 2007.

2. DOWNLOAD PATCHES AND UPDATES. Even the least expensive computer security programs offer downloadable updates or “patches” that can detect the latest viruses, close “backdoors” that hackers have discovered, or otherwise enhance network protection. Operating systems should be patched and upgraded at year-end, and regularly as well.

3. HIRE A HACKER TO IDENTIFY WEAKNESSES IN NETWORK SECURITY. Also known as a “vulnerability scan,” these tests attack a network just as a hacker would. Instead of attacking databases and network tools, these scans report back on specific vulnerabilities and recommend solutions.

4. CONDUCT REGULAR ESECURITY CHECK-UPS. Keep your network safe by scheduling ongoing risk assessments. These automated, monthly remote risk assessments can be conducted for less than the cost of a single onsite review and can help ensure that confidential customer and financial data are as secure as possible from external attack.

5. COMMUNICATE AND REVIEW YOUR DATA SECURITY POLICY. Write a memo to all staff members stressing the importance of protecting such critical, confidential customer data as social security, bank account or credit card numbers. State an explicit policy on how and when, if ever, these should be included in unsecured e-mail correspondence with customers and others. Consider implementation of a simple encrypted e-mail system as a giant security step forward for 2007.

6. KEEP YOUR NETWORK VIRUS-FREE. With the increasing amount of entry points for viruses to penetrate your network (e-mail attachments, shared files, infected Web sites, downloads, etc.), a full evaluation of your network is critical to ensure that safeguards are in place. Unfortunately, simply installing AV software is not enough — ensure that the most recent definition files are updated.

CONSIDER GIVING UP ON DO-IT-YOURSELF SECURITY. Just as few business people attempt do-it-yourself insurance or computer repair, fewer still are able to keep up with the increasingly complex, fast changing demands of computer network security. This year is a good time to consider “outsourcing” network security.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue