Computer Security Tool Kit An E-security Resource

14811 N. Kierland Blvd. | Suite 100 | Scottsdale, Arizona 85254
1-866-265-8060 | www.viack.com | info@viack.com
Computer Security Overview
Every year, organizations both large and small lose millions of dollars in productivity, intellectual property
theft and various legal and operational costs. In 2002, more than 60 percent of all corporate data assets
resided unprotected on individual computers, according to published reports from the Search Security
Newsletter. This startling statistic spells serious security trouble for organizations, not to mention the
potential loss of proprietary information.
To provide evidence that computer security should be a vital part of the corporate management function,
VIACK Corporation shares these sobering statistics:
• 92 percent of corporations and government agencies detected computer security breaches within
the last 12 months; 75 percent acknowledged financial losses due to these breaches. (Source:
2003 Computer Security Institute/FBI Computer Crime & Security Survey)
• The average financial loss from computer security breaches in 2002 was more than $2.5 million
per company. The most serious financial losses occurred through theft of proprietary information.
(Source: 2003 Computer Security Institute/FBI Computer Crime & Security Survey)
• Disgruntled, former or fired employees, or even external service providers, are the most likely
culprits of a security breach—anyone with insider information. It is for that reason that four out of
five IT-related crimes are committed from within an organization. (Source: New Media Age,
January 2002).
While the number of high level executives involved in information security policy is on the rise, others
have not been involved or don’t have a policy in place due to lack of awareness, time constraints or
misconceptions that taking precautions will be expensive.
In an effort to help C-level executives and IT managers work together to address security issues,
VIACK’s Computer Security Tool Kit includes:
• E-Liability Check List for the C-Level Executive – Six simple steps to start establishing a
computer security policy.
• Five Questions Every CEO Should Ask Their IT Manager About Security – Basic
questions to help guide initial discussions between the CEO and IT department to determine
specific security risks in their company.
• Personal Computer Security Check List: Simple Tools for Every Employee – A check list
to help remind employees of the simple steps they can take to reduce the risk of security
breaches.
E-Liability Checklist for the C-Level Executive
In 2002, more than 60 percent of all corporate data assets resided unprotected on individual computers
according to published reports from the Search Security Newsletter. This startling statistic spells serious
computer security trouble for organizations, not to mention the potential loss of proprietary information.
So what can be done to safeguard your company? The following is an e-liability checklist to test your
organization’s current computer security and level of e-communication protection. This list can also
serve as a catalyst for an internal dialogue with your IT department to determine how your company can
create and enforce a comprehensive policy to limit the risk of security breaches.
• Create a protocol for downloading information and enforce compliance company-wide.
It is important for employees to understand the potential hazards of downloading programs, software
and other data to their individual computer desktop. By creating and enforcing a download protocol,
employees can be aware of risks and IT departments can evaluate the safety of the source before
allowing the completion of any downloads.
• Choose secure instant messaging (IM) software, and prohibit downloading all other non-secure IM programs.
IM usage is on the rise, and while it is an effective tool for quick and efficient communication, many
IM providers did not design the software to be secure. In fact, most IM programs open up the
desktop to prying eyes and completely circumvent firewalls. For business use, choose a completely
secure, encrypted IM provider and establish a protocol to ban other non-secure IM programs.
• Create a password protocol and enforce compliance company-wide.
Establish a password policy that uses case sensitive passwords and that incorporates numbers and
letters. Advise employees never to post or divulge passwords and to change their passwords
frequently. Also advise against using the same password for multiple accounts or logins.
• Establish an e-mail protocol and enforce compliance company-wide.
Although easy, quick and effective, e-mail is not a safe communication tool for private or sensitive
information. Establish a protocol that outlines what is acceptable to discuss via e-mail and what must
be communicated through a more secure system – and enforce the policy company-wide.
• Establish regulations for the creation and editing of secure documents.
E-mail and non-secure IM are neither a safe nor an effective way to draft and edit private documents.
Both can be easily hacked, not to mention the risk of sending these documents to others inside or
outside of the organization inadvertently. As an alternative, choose a secure e-communication
software provider that allows for secure storage of documents and joint document editing.
• Retain an IT professional and set up regular meetings to discuss computer security and
establish a program to review your security protection measures regularly. Update the
program as needed.
Obtaining help from IT professionals gives an organization the guidance and expertise needed to
establish a solid security program, ensure it’s working and keep it updated. Play it safe, create a
foolproof plan with the help of a professional and keep your company information private and your
communication secure.
Five Questions Every CEO Should Ask Their IT Manager About Security
Scenario: Third quarter earnings have picked up thanks to a new and improved proprietary business
strategy deployed by your executive team. You share this news via e-mail with your board of directors
and key investors. Now imagine your largest competitor gets their hands on this critical information. How
will you prepare for the fourth quarter damage?
You may be surprised to learn that corporate e-mail interception happens every day to companies large
and small.
Last year alone, the theft of proprietary information caused financial losses of more than $70 million.
Total computer security related losses came to more than $200 million, according to the Computer
Security Institute, a San Francisco-based association of information security professionals, in its eighth
annual “Computer Crime and Security Survey.”
Salary data, confidential company financial information and much more is at stake if computer security is
not a top priority for both top management and IT professionals. The following are five questions to ask
your IT department to see if your company is on track to protect itself from hackers, loss of proprietary
data and the myriad of other security and privacy threats:
1. Do we have a computer security program in place? Is it enforced at every level of the
organization? What does it entail?
These are important questions to ask because unless a security program is enforced company-wide, the
entire organization can be at risk of viruses passed through e-mails and servers, or inadvertent leaks of
information. Unless each and every employee has been given clear instructions on security standards,
no amount of preventative efforts can stop a serious security breach. The program should include
standards for instant messaging (IM), e-mail policies, virus protection, software security updates,
password policies and specific instructions for employees to follow.
2. What is our privacy policy? Do employees understand the need for privacy and the appropriate
ways to send sensitive information? How is this enforced?
Beyond a company-wide security policy, privacy issues can be just as serious and threatening to an
organization’s future. Employees at every level must be educated about privacy threats and the
appropriate way to communicate sensitive data or other information both internally and externally. If
e-mail is not the best way to communicate certain information, you can provide employees with secure
e-meeting software or other solutions that they can use in place of e-mails or non-secure IM conversations.
Ensure that whatever solution is implemented is easy for the end user. If it is too cumbersome, they may
use other means or try to circumvent the policy.
3. Do we have a firewall? What does it protect? What doesn’t it protect?
Understanding how a firewall can and cannot protect computer security is important – simply installing a
firewall does not prevent the hacking of e-mails and IM applications or the possibility of other very
serious security threats. Engage in an open dialogue with your IT department to understand how the
firewall can protect your organization, which will also allow you to learn about other areas that are still
vulnerable and how those can be protected.
4. Do you know what software your employees have downloaded to their desktop?
Free software is widely available on the Internet, and many employees are able to
download as much software as they want. One such example is the use of instant messaging software,
now rampant in the workplace. While this may seem like a convenient tool for instant communications,
IM creates a portal to each and every desktop exposing risks beyond belief. Know what software is
residing on your network and the risks associated with an open download policy.
5. What else can we do as an organization to make computer security a top priority for all
employees?
Your IT department is a valuable resource and the first line of defense against security leaks. Engaging
in regular dialogue about trends, recommended programs, software and other security and
privacy-related issues with IT can help you create policies and procedures that will secure your organization and
safeguard against loss of time, productivity, proprietary information and money. Taking the time to
assess risks and current programs, as well as develop cost-effective solutions that your organization can
easily implement, will prove invaluable. Bottom line, consult your IT professional and keep your
e-communications safe.
Computer Security Check List: Simple Tools for Every Employee
No matter how many times your IT department sends out e-mail warnings or mandates to employees
encouraging them to secure their computer from viruses and hackers, ensuring that all company
employees follow these guidelines is nearly impossible to enforce. The need for simple, easy-to-follow
electronic communication guides is critical to protect your organization. The following check list is
designed to help your organization manage security risks easily, at every level in the organization. This
check list will provide employees with an understanding of what they can personally do, as well as offer
tips on how to determine when and how to escalate information and concerns to IT management.
• Do you know your IT contact? It is important to be aware of who your IT contact is to ensure that
any problems with your password, laptop, data, etc. are reported immediately to the appropriate
person. Consider placing their contact information in a visible area in your work space.
• Immediately contact your IT manager if you receive suspicious or unrecognized e-mails or error
notification messages on your computer. Do NOT open these messages! Often times, the
damage is already done by the time the call to the IT department is made.
• Restrict physical access to information by locking your computer when you are away from your
desk. Your system will allow you to automate this procedure when you have not used your
computer for a certain period of time.
• Change your password every month, adding numbers and symbols to help lower the risk of
someone accessing your information. Consider replacing letters with numbers, for example
replacing the letter “A” with the “@” symbol, or the number zero for the letter “O”.
• Are you downloading applications from the Internet or software from home? Check with your IT
manager first. Some programs may be from questionable sources or could open your sensitive
information and your company’s network to hackers, other intruders or viruses.
• Check for computer viruses regularly and run daily software updates on your machine.
• Back up your data after being certain that your computer is virus-free, and do it daily.
• When, and if, you access your organization’s network while working from a home computer, be
sure to save sensitive and confidential information on your company’s resources (their network),
and not on your home computer desktop.
• Stay up-to-date on the latest threats, viruses and solutions that you may hear about in the media
or through memos from your IT department.
• The number one tip: know your company security policy regarding sending sensitive and
confidential information electronically via e-mail, instant messaging or inter-office mail and do
your part to comply. The ability to protect your company from damaging or costly security
breaches depends upon it.
While some of these guidelines are the responsibility of the end user, often times your IT department can
automate these tasks to make them seamless. When in doubt, ask! Where security of the network is
concerned, they will be happy to help.
Conclusion
After a company puts an appropriate computer security policy in place, it takes additional work to ensure
compliance. It must include employees at all levels and an ongoing commitment on everyone’s part.
Security is not just the concern of your company’s IT department; it is a shared and very personal
responsibility.
In addition to computer security guidelines contained within this tool kit, it is equally important to consider
policies with respect to the following areas:
• Transfer of sensitive documents inside and outside of an organization
• Use of instant messaging services
• Collaboration and online meetings via the Internet
• Storage and access to confidential information
If you would like additional information regarding guidelines and tips in these areas, please contact
VIACK at pr@viack.com.