“Let’s play the feud!” We asked 100 IT professionals, “What are the top 10 most important things employees in an organization can do to enhance their network security?” And, the answers are on the board. Without looking, can you guess all 10 correctly? Don’t change the channel. Survey says:
- Use Security Software—Each PC and server should be running an up-to-date security software program, whether one that came with the operating system such as Windows Security Essentials or even better something more advanced found elsewhere. Also, scan your PC at regular intervals to be sure no dormant viruses or malware are lurking and ready to disrupt.
- Automate Backups—Nothing is more important than your data and applications. Employing an automated daily backup system that stores data in multiple locations (such as locally and/or offsite) is the surest way to avoid problems or data loss that can be caused by system crashes, hardware failures or virus attacks.
- Practice PoLP—PoLP is the Principle of Least Privilege which states that all programs should be run with the minimal necessary access rights in order to accomplish a task. So, do not run as Administrator, unless you really must because that can become the norm and others can take advantage. Even just visiting a bad website while logged on as an Administrator can cause damage.
- Keep Software Updated—Always keep your licensed operating system software updated by applying the latest service packs and patches. You can also consider software to manage other 3rd party software to ensure it is up to date. An example would be Secunia Personal Software Inspector, which can identify outdated software.
- Use Strong Passwords and Do Not Share Them—Use passwords with over 10 characters, a mix of upper and lower case letters, characters and symbols. Additionally, make the password difficult to guess. To make it easier to remember your password, use a phrase (e.g., I Luv Rock & Roll!) and insert letters and numbers into it (e.g., 1!u>R0ck&R0!!). Never share the password with others.
- Lock It Up—Locks are to keep honest people honest, so help them out. Log out of your profile or shut down/lock your computer or device anytime you are not in direct control of the hardware. Not doing so is a huge security risk because it leaves your account open to abuse…especially an administrator account.
- Treat Sensitive Data…Sensitively—Do not input unnecessary sensitive, private, confidential data into any unsecure forms. Any proprietary and personal confidential information should be securely filed with very limited access. PCI, HIPPA and other privacy regulations apply to all such data, and non-compliance can be a huge offense.
- Encrypt—Whenever there is an option to encrypt, whether it is email, data in storage, or passwords…Encrypt! It is that simple and important!
- Keep the Machine Clean—Do not allow employees to install any software they want on their hardware. Have a policy in place and enforce it. Also, periodically, weed your list of programs on your computer. Dormant programs no longer in use are just plain risky to keep. Remove and uninstall any software applications or programs you no longer need. It improves performance and enhances security.
- Be Security Smart and Suspicious
- Do not click on random links. Unless you can easily verify a link is legitimate, think before clicking, especially on those in emails or IMs.
- Be wary of attachments. Unless you know the sender and were expecting an attachment, do not open it. If you must open it, save it first to your computer and scan it with your AV software.
- Download with caution. Lots of “free” software available online appears to be useful, but often it contains spyware which can damage hardware, slow down performance and potentially send critical information to the bad guys.
- Resist the urge to share. Do not send chain emails or forward on hoaxes because you could be crying wolf. Otherwise, when something important does need to be shared, no one will listen.
- Forget the flash drive. Transferring data via USB flash drives is the EZ Pass to computer virus infection. Use only with 100% knowledge of safety.
As you can see, there are many things employees can do to enhance network security. Thanks for playing!
First published in our July 2016 IT Radix Resource newsletter
You must be logged in to post a comment.