Computer Threats: What to Focus on First
Prioritize your security efforts
Yes, spam is a problem. Screening and deleting junk e-mail wastes your time and your employees’ time. And if a junk e-mail attachment is opened, it may unleash a virus.
But if your company predominantly focuses on battling spammers, you may be ignoring much more serious threats that can actually cripple your business. When thinking about computer and network security, begin by sorting out what constitutes a genuine security menace to your computer systems, and what is mostly a nuisance. Here’s guidance to ensure you’re drawing the battle lines in the right place.
E-mail: Lose sleep over attachments, not spam
Studies show that spam makes up the vast majority of all e-mail sent. Junk mail filters like the one included in Outlook 2003 will help divert these unwelcome messages from your inbox, but will never prevent all spam from being sent to your e-mail account.
Yet remember: Junk mail by itself will not damage your business. However, there are some e-mail threats that will.
Viruses and worms: These small but malicious programs are commonly spread by e-mail. They come in the form of cleverly disguised attachments to messages that trick your employees into clicking on them. Once installed, viruses infect programs and files, can destroy your data and can effectively force you to close your business while you disinfect your computers. An e-mail virus can spread by e-maling itself to people in the your address book — maybe even to your business
Phishing: Some e-mail messages are “phishing” for valuable information. The sender asks for credit card numbers, network passwords or account numbers. But links in these messages actually take you to Web sites — that often look legitimate — run by Internet thieves. If you enter your data, you give those thieves the information they need to get into your computer system and access company data
Recommendations
- Instruct your employees to never open suspicious attachments that they do not expect.
- Remind employees to use extreme caution when responding to messages that ask for passwords or account information. If they have any doubts about the validity of the e-mail, they should contact the sender by phone and verify the legitimacy of the request.
- In the event a virus-infected attachment is opened, make sure your antivirus software is up-to-date and that you have installed security updates for your operating system and other software.
The Internet: Fear downloads before pop-ups
Pop-up ads in your browser window are indeed annoying. They interfere with Web surfing and searching. But, like junk e-mail, they pose a minor threat to your business. Programs that your employees download from the Web are another story, however.
- Viruses and spyware: Programs downloaded from Web sites can contain viruses and “spyware.” Spyware can enter your computer systems through infected e-mail messages and can secretly monitor what employees type and record account numbers and passwords. Spyware can also enter your computer through security holes in the software you use.
- Adware: Adware installs itself in a similar manner to spyware, though it typically just displays extra advertisements when you are online. Adware can slow down your computer and it can be frustrating to try to close all the extra pop-up windows, but it will not destroy your data.
Recommendations
- Create a security policy that clearly states what employees can download to their office computer, and what they cannot. Explain in person to employees why the policy is important.
- Consider using software that checks for and removes spyware. Microsoft has a free Windows AntiSpyware program and a Malicious Software Removal Tool you can use to rid your PCs of unwanted software.
- Use a firewall on your PC and a router for network protection. The combination of activating the built-in Windows Firewall and adding a network protection device enables you to filter or block Internet traffic to and from dangerous sites.
- Make sure your antivirus software is up-to-date and that you use it often to thoroughly scan your system. If antivirus software was installed on your new PC for a trial period, make sure to buy a subscription after the period expires, or to buy and install a new antivirus product.
- Regularly check with your software manufacturers to make sure you have downloaded and installed the latest updates to patch security holes. If available, use an automatic update service like the one available with Windows XP.
Data Protection: Worry about backups before hackers
Hackers — Internet intruders who work their way into your computer network — garner considerable media attention, especially those who are identified and captured. But you have more to fear from bad data back-up habits than cyber villains. Without regular data back ups, hardware failures, accidental deletions, and floods and fires can permanently wipe out all your sales records, customer contact information and order history — the data that is the core of your business.
Recommendations
- Back up your data weekly if not daily to a CD, shared folder on a network, or second hard drive. Windows XP includes a back-up utility that can perform scheduled back-ups.
- Test your backups regularly by restoring your data to a test location. Otherwise, you’ll never know if the data can be successfully restored if and when you need it.
- Keep a copy of your weekly back-ups at another location to protect them in case of a fire, break-in or other disaster.
- One of the keys to business success is setting the right priorities. The same is true when protecting your business computers. Understand that not every computing problem carries a security risk — but make sure to address the ones that do.