Another year, another Windows threat

This year opened with yet another Windows security hole being exploited, the Windows Metafile (WMF) flaw, resulting in enough damage and public outcry that Microsoft accelerated its schedule for delivering a patch - the turnaround time was an unprecedented two weeks.

While this threat was serious enough, it was over-hyped by some analysts, causing considerable panic among business and home users alike. Fortunately, it also helped raise awareness of security measures, or lack thereof, and that can only be a good thing.

In a business environment, whether large or small, information technology (IT) staff are constantly faced with challenges to security on every level. In addition to maintaining anti-malware programs, firewalls, and intrusion detection systems, and enforcing user-level privileges, every company should have clearly defined, written policies that support IT security measures. It's important to remember that every employee shares in the collective responsibility for a safe computing environment.

Security begins at home

With the explosive growth of technologies that blur the boundary between the workplace and home, it's become easier than ever to transfer files between the two environments. A compromised home computer can quickly become a threat to any corporate network - the PDA, flash memory card, or even an iPod that you use to transport files can easily harbor malware as well. A detailed discussion of security for home PCs is beyond the scope of this column; however, many problems can be avoided by taking simple precautions such as using a firewall, and staying current with antivirus and antispyware software, as well as Windows updates. The National Cyber Security Alliance provides comprehensive online advice for consumers and businesses alike (www.staysafeonline.info).

Just say no

Most businesses wouldn't be able to function without e-mail, so it's not surprising that e-mail is the most common carrier for malware. Yet many users still ignore the most basic rule of e-mail security: never click on any attachment to an e-mail message from an unfamiliar source. In addition, with the huge rise in identity theft attempts through "phishing" techniques, it's also important never to click on any links in e-mails, even those that appear to come from official sources like financial institutions. Following these two rules will help employees develop good security habits, even if your company's PCs are protected with the appropriate software. It's far better to avoid problems in the first place than to rely on software to detect them or clean up the mess later.

Knowledge is power

The bad guys are getting smarter every day and it's impossible to keep up with the latest threats and malware techniques, even if your software is updated automatically. With more threats focusing on so-called social engineering tactics (i.e., changing a computer user's behavior in order to compromise the system), timely education on practicing safe computing can go a long way towards preventing problems. Every company should make IT security training a regular event for new and veteran employees alike. If your company doesn't currently have such a program in place, talk to your human resources manager or IT staff about getting one started.

There will always be security risks and malware authors lurking. Getting software developed and deploying technology to combat the threat is the easy part. The real challenge lies in modifying our own behavior and sharing the effort to make the online world a safer place.
