IT Security and You! Part 4 - Tips for the Office


by David Baldwin - Date: 2007-04-20

IT Security and You!

Did You Lock the Doors and Windows When You Left For Work This Morning?

Part 4: Tips for the Office

IT Policy

I will not say much on this, other than that you should have a policy in place that tells your employees what they can and cannot do on the network and with your data. You can get such policies from lots of places on the internet.

You cannot really have a go at staff if you have not given them guidelines.

Business Continuity Planning

Companies should always have a continuity plan in place that will be activated should there be a business disaster, like a flood at your office, that means you have to relocate. Belt and braces is my advice: have a good BCP and make sure it is written by someone with the right knowledge and experience. It can be written by a third party, but they must be able to fully familiarise themselves with your company and sometimes your clients and their requirements, depending on the nature of your business. BCPs should be fully tested where possible. The internet is a valuable tool for finding out how to write a BCP, but I would advise caution…

Even the most experienced consultants make mistakes. Ever heard stories like this one? There was a large company that had a huge generator on their roof which automatically cut in in the event of power failure. Unfortunately, starting the generator required mains electric; there had been a mistake in the specification. What a mistaka to maka!

In a worst case scenario, you may not have access to your normal site at all; off-site backups etc. suddenly become the life and death of your BCP.

Backups

As I mentioned earlier in this article, backups are very important, especially in business. All I am saying here is that there are a few things backups should be:

- Done regularly
- On reliable media
- Secured
- Some backups on-site with a copy off-site
- Tested regularly
  - Restore random files and check they work
  - Restore an entire backup to another machine
- Monitored for failures
- Checked to make sure everything you need backed up is backed up, especially if users create new folders.

Backups should incorporate all valuable data; make sure users all save files to where they are meant to and that they get backed up. I once came across a situation where a PA to the MD of a company had been saving all files locally and her machine was not being backed up with the network. When the hard drive failed - well you can imagine, there was not a happy face in the company.
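The two checks from the list above that are easiest to automate are "restore random files and check they work" and "make sure new folders are being backed up". The following is an added example, not part of the original article: it compares a test restore against the live data by listing folders the backup never picked up and by hash-comparing a random sample of files. The directory names and file contents are constructed for the demonstration, and it assumes the sampled files have not been edited since the backup ran (a file changed afterwards will legitimately show as a mismatch).

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def uncovered_dirs(source: Path, restored: Path) -> list[str]:
    """Folders that exist in the live data but not in the restored backup."""
    return sorted(
        d.relative_to(source).as_posix() for d in source.rglob("*")
        if d.is_dir() and not (restored / d.relative_to(source)).is_dir()
    )

def spot_check(source: Path, restored: Path, sample_size: int, seed=None) -> dict[str, str]:
    """Pick random live files and compare each one with its restored copy."""
    files = sorted(p for p in source.rglob("*") if p.is_file())
    picked = random.Random(seed).sample(files, min(sample_size, len(files)))
    result = {}
    for p in picked:
        rel = p.relative_to(source)
        copy = restored / rel
        if not copy.is_file():
            result[rel.as_posix()] = "missing"    # never made it into the backup
        elif sha256(copy) != sha256(p):
            result[rel.as_posix()] = "mismatch"   # restored copy is damaged or stale
        else:
            result[rel.as_posix()] = "ok"
    return result

def demo() -> tuple[list[str], dict[str, str]]:
    """Constructed sample: a live share and a test restore that lags behind it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restore = Path(tmp, "live"), Path(tmp, "restore")
        for root in (live, restore):
            (root / "accounts").mkdir(parents=True)
            (root / "accounts" / "ledger.txt").write_text("2007 ledger")
        (restore / "accounts" / "ledger.txt").write_text("2007 led")  # truncated copy
        (live / "new-project").mkdir()  # folder created after the backup job was set up
        (live / "new-project" / "quote.txt").write_text("draft quote")
        return uncovered_dirs(live, restore), spot_check(live, restore, sample_size=10)

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against a real test restore, any non-empty folder list or any result other than "ok" is the failure that should be monitored for.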

Virus Protection and Firewalls

All networks and PCs must be protected; security suites are available for everyone (note that there is much less choice for 64-bit PCs).

Some of these tools are expensive, especially on larger networks, but they work out a lot less expensive than the repercussions of an attack by hackers or the effects of an email or web-based virus etc.

I am only stating here that you need them and that they must be kept up to date, not which ones are best or how to use them.

Stop Data Going Walkies

Data can leave your network in many ways, some legitimate and some not. Prevent the data that is not legitimate from leaving as best you can; it is almost impossible to prevent employees breaching your trust and running off with data to competitors and the like. Always watch out for disgruntled employees, as mentioned below.

- Make sure application access fits the user's job
- Do not enable USB ports unless you have to (disable them)
- Make sure your IT staff know what they are doing, e.g. there is no point locking down everything on the PC and then leaving the cmd/Command Prompt or Run command available.
- Disable or do not install CD/DVD recorders
- Strictly control all data exporting/reporting tools
- Make sure senior staff do not share their passwords and user IDs
- Keep your network secure: WiFi with WEP, virus protection and firewalls

Disgruntled Employees

Disgruntled employees and employees who are leaving your company can do much more damage than the average hacker. It may be required that you pay the balance of their contract and require them not to actually work. This is often the safest option: it protects you and your data but also protects them. If, coincidentally, there is a data security breach during their notice period and they are still on site, the finger by default ends up pointing at them, and they may be completely innocent. My advice: protect yourself and them.

In Summary

There are enough pointers in these articles to make for a more secure IT infrastructure and reduce stress by preventing some of the bad things that can happen both at home and work with IT.

If you are unsure, worried or do not have the IT knowledge or confidence to feel comfortable with following the guidelines in this article, or generally just muddle through with IT, then I recommend you sit back and let a reputable and knowledgeable individual or company help you. Do not just get worried and sweep it under the carpet; act and act now, it is for your own and your company's good.

I hear a lot of people in companies whinging about their IT departments or 'IT bod'. If they truly are that bad at getting things sorted, then have your system checked out by a professional. There are lots of us out there; let them put your mind at rest, or recommend changes and training for your IT.

Lastly, not entirely regarding security, but more a general comment for businesses...

If your business has to work around your IT department and the procedures put in place by your software and how it works, yet you want to work in another and better way, which your competitors may already be doing, something is wrong and it may be time to get someone to advise you.



David Baldwin is the Managing Director of Working Pulse Ltd (http://www.workingpulse.co.uk)

David designed and created SME Guild, the business community (http://www.smeguild.com), so all businesses (self-employed to large SMEs) could benefit from each other's experience, find business contacts, new suppliers, networking opportunities, buy and sell online and much, much more!


© The article above is copyrighted by its author. You're allowed to distribute this work according to the Creative Commons Attribution-NoDerivs license.