ITSPA Technology Committee recommendations included the following:
• Install anti-virus software and update it regularly. This software scans incoming emails for virus signatures and, if a virus is found, deletes or quarantines it. It’s critical to update this software regularly with new definitions because there are hundreds of new viruses each month.
• Keep your office computers safe. Not all computer problems start with viruses and hackers; some originate with unauthorized computer users. Make sure office computers are protected by locating them in secure areas. Log serial numbers to ensure computers can be identified if stolen, and etch these numbers, as well as company information, on hidden areas of the computers.
• Set up an Internet firewall. This is your company’s first line of defense and protects your local network from outside attacks by screening and blocking all traffic between your network and the Internet that isn’t allowed. The firewall also hides computer addresses and makes them invisible to outsiders. Installing a hardware firewall is simple as it connects between the cable/DSL modem and computers on your network.
• Strong passwords are best. It’s hard to remember passwords, but why make it easy for hackers by using weak or simple words? Never devise passwords based on your real name, username or company name, or use easily guessed numbers such as 1234. Change your password at least once a month, and use passwords that are eight letters or more in length with lower- and upper-case letters, numbers and symbols.
• Download computer updates regularly. Older computer systems, such as Windows 98 or 95, should be discarded in favor of Windows XP Professional, which is more robust and secure. Security updates are downloadable at office.microsoft.com/officeupdate. Sign up for Microsoft Security Update, a free e-mail alert service designed for small businesses that tells you when to take action and what software to download.
• Teach employees to safely use e-mail. The first rule of thumb is never open suspicious or unsolicited attachments. Avoid responding to spam, too, especially links that claim you will be removed from the spammer’s mailing list. The second rule of thumb is never provide credit card numbers, passwords or personal information in response to email messages. Finally, check regularly for email updates and be sure to install anti-virus software.
• Make wireless networks secure. Because wireless networks, known as 802.11 or Wi-Fi, use radio links instead of cables to connect computers, they are more vulnerable to hackers. Easy-to-buy tools allow hackers to listen in or transmit data on your network. Several encryption technologies, such as Wi-Fi Protected Access, are available to prevent such eavesdropping.
• Get security help from a solution provider. Although there are perhaps 100,000 IT solution providers nationwide, not all are knowledgeable or experienced in security services. Before hiring a solution provider, ask it to document its levels of security expertise. At a basic minimum, the company should have a Certified Information Systems Security Professional (CISSP) on staff. Ideally, the company will also have a Microsoft Certified Systems Administrator (MCSA) on staff. Finally, look for solution providers that have a CompTIA Security+ Certification, which measures security competencies.
• Perform quarterly security assessments. Have a reputable IT solution provider ensure that any current computer/network vulnerabilities are identified and remediated.
• Build legislative requirements into your security plan. Be sure your security plan includes appropriate legislative requirements associated with Federal Acts such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA.