Do’s and don’ts for IT and computer security
IT security firm Symantec offers guidelines to help consumers and institutions deal with the complex world of fraud, crime and viruses on the Net. Here are some do’s and don’ts to ensure that the security of endpoints and the information residing on them is not compromised.
Updated: Mar 30, 2009 11:55 IST
Computer security is now a multi-faceted activity, with the proliferation of mobile devices, laptops and buzzing activities like social networking and downloads from the Internet. IT security firm Symantec offers guidelines to help consumers and institutions deal with the complex world of fraud, crime and viruses on the Net.
Rules for individuals and consumers
The increasingly connected world has led to data being everywhere – main files on our computers, backups on removable storage devices like pen drives, and trails of information on smartphones and PDAs (personal digital assistants) as well. A lot of this data is critical and confidential. But are you confident that it will stay that way?
Here are some do’s and don’ts to ensure that the security of endpoints and the information residing on them is not compromised.
The most obvious threat to mobile endpoints is perhaps the most overlooked: physical theft or loss. Loaded with information—and valuable in and of themselves — PDAs, smartphones and laptops are common targets for thieves.
They’re also easy to lose.
Password-protect your files:
As basic as it sounds, a strong password or PIN can deter casual data thieves or snoopers from having access to private information. Avoid predictable ones like ‘123456’ or your name. Another option is a third-party ‘padlock’ security program for smartphones/PDAs.
Scan files for viruses before using them:
This is always important, but especially if you are using a disk or USB storage device. You could easily pick up a virus from a corrupted file and introduce it into your system. Running a virus scan before launching new files will prevent infection.
Regularly back up data from PCs, laptops and mobile devices. Set up a schedule and automate the process. In the unfortunate event of a system crash or malware penetration, at least your data is safe.
Encrypt laptop hard drives and mobile devices. Failing to do this leaves a hole in your armour: the data on an unencrypted device can be read even without knowledge of usernames or passwords.
Invest in end-point protection:
This provides advanced threat prevention that protects endpoints from targeted attacks. It includes proactive technologies that automatically analyse application behaviours and network communications to detect and block suspicious activities, as well as blocking specific device and application activities.
Don’t log on to an unsecured wireless network:
Wireless computing has made it easy, and convenient, to carry out personal transactions on the go. However, ensure that the network you are logging on to is secured. Unprotected ones are a magnet for data thieves and malware attackers.
Don’t enable Bluetooth when not needed
Bluetooth vulnerabilities create another path for cybercriminals to get at your information. Some malware has already spread over Bluetooth, and new techniques for hacking mobile devices via Bluetooth are emerging.
Don’t neglect e-mail and instant messaging
The unsecured nature of e-mails and instant messages makes them ripe targets for the curious to intercept and read. Moreover, clicking on unknown links can often download malware to the endpoint.
Don’t leave endpoints unlocked
When not in use, lock away your endpoints. Out of sight is often enough to prevent the opportunist thief.
FOR COMPANIES AND INSTITUTIONS
Frame policies around adding and retiring endpoints
Always set policies to secure endpoints (for computer terminals or connected devices) before they are activated. As for retiring endpoints, whenever a piece of equipment is to be decommissioned, remove the computer name so that it can no longer log on to the network and wipe the machine for any corporate data.
Take a structured approach to endpoint security, implementing a solution that not only protects them from threats on all levels, but also provides interoperability, seamless implementation, and centralized management.
Develop strict policies for USB port use on a user-specific basis. Policies can be set to allow ‘read-only’ access on available devices for a set of users, while completely allowing (or denying) access to others. These can be applied to both local and remote users. Businesses should look for software solutions that can lock all possible avenues of data leakage, and put permissions and policies in place to control who has access to which files, where and when.
Use technology to enforce endpoint policies
Employee reprimands and penalties aren’t enough. Technologies that make it impossible for an employee to use an endpoint in an unsecured manner are essential.
Secure workstations, restrict home computers and lock portable storage
Workstations and laptops can be a major source of loss, especially when a poorly configured or out-of-date enterprise or home computer is compromised by a virus or worm, or when portable storage media, such as a USB drive or CD-ROM, are lost.
Encrypt portable devices
Employees who are given laptops and PDAs will store sensitive data on them. Policies don’t matter: Users will always use the tools they acquire, and sensitive data will always end up in unexpected places. Opt for whole-drive encryption rather than restricting it to specific files or folders.
Monitor usage of confidential data, whether or not the endpoint is attached to the network. Use a solution that monitors files that have been downloaded to local drives, copied to USB or other removable media or burned to CD/DVDs, as well as data transferred over email, IM, FTP or HTTP. Also keep track of sensitive information that is copied, pasted, printed, or faxed electronically.
Use layered security
Employees and other end users should employ defence-in-depth strategies, including the deployment of antivirus software and a firewall. Anti-virus definitions should be updated regularly, and all desktops, laptops, and servers should also be updated with the necessary security patches from the operating system vendor. Also, make sure to enable the security settings on Web browsers and disable file sharing.
For any number of reasons – disaster, human error, hardware failure, etc. – your IT system could be brought down. Therefore it is critical to back up important data regularly and store extra copies of this data off site. Also, since it is easy for storage tapes to get lost, stolen or harmed in transit, encrypting those backup stores is a good idea.
Educate users about mobile security best practices, specify which devices the company will support, and ensure devices run software that offers strong password authentication and even whole-disk encryption.
Get strong management support
Without upper management’s support, IT can’t effectively enforce security policies. To gain that support, point out all the ways malware can get in and what is needed to block attacks and
Don’t assume all endpoints are computers
There are also USB devices, removable storage, and MP3 players that connect to endpoints, each becoming the next endpoint in the chain.
Don’t assume you know the location of all endpoints
There could be an unauthorized, employee-owned mobile device, or a rogue Wi-Fi access point, connecting from a remote office. Put in place systems that prohibit them from connecting to the network unless they meet endpoint policy requirements.
Don’t stop with securing only the endpoint
Since an endpoint can become a tool for hackers and information thieves, the network must be protected against potential misuse of endpoints. That’s why multiple layers of security are required.
Don’t neglect so-called unmanaged endpoints – the endpoints that extend beyond the administrative control of an organization because other parties own them, such as employees, business partners, and customers. This is necessary because even though unmanaged endpoints generally have restricted access to sensitive information, they nonetheless carry just as high a risk of being compromised by malware.
Don’t compromise on physical security
There are a number of routine things users can do to strengthen your business’s security. These include: using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being extra mindful of physical security of PDAs and handheld devices, which are a popular target of thieves.
Don’t let your guard down
Threats are ever-evolving; your system must keep pace with them to protect critical data. Always apply operating system and security software updates and patches as soon as they are