Cyber Security – Computers

IntroductionInvestigateInitiate – EducateFinalizeInvoicing

Policy – Computers – Software Assetts – Storage – Passwords – Staff Training – Anti Virus –Tweaks – Backup – Wireless – Email Security – Resources – Speed Up PC – Firewall – Website

When checking out the computer(s) we are checking for a few things.

1. Is the operating system up to date, all new patches applied etc.

2. Does it have antivirus software?

3. Is there a backup system?

4. Unused software

5. Password to access.

6. Amount of Ram, access points, CD, usb.

This is not really a point but if possible I like to look at the back of the computer to see if the fans are clogged up with dust and if so recommend a local IT person to clean them or do it yourself.

Basically we call this an asset review and it can be done manually or with software (prefered).

To gather this information you can do it manually or use some simple software. We actually use a system called Spiceworks. Be sure to check with the client before installing. (Youtube Video)

 

Secure your computers

Secure your servers

  • Keep servers, switches and hubs locked.
  • Monitor and limit access to server rooms.
  • Consider fire and flood risks as well as theft.
  • Keep server rooms cool.
  • Ensure server rooms have redundant power supplies.

Server security tips

  • Seek expert advice from a trusted supplier.
  • Restrict the number of administrator passwords.
  • Consider using a hardware firewall for your servers.
  • For servers running Microsoft operating systems, run Microsoft Baseline Security Analyser for security advice.
  • As with desktop PCs, servers need a firewall, regular updates and anti-virus software.
  • Do not use a server as an employee’s workstation.
  • Read server reports, such as security logs, and monitor for changes and irregularities.
  • Make sure you have a rapid response maintenance contract for any servers you are responsible for.
  • Regularly back up server data and keep back-up data secure and only available to authorised personnel.
  • Factor in redundancy in your server setup.

Secure your equipment

Although there are ways to physically protect your laptop or other portable devices, there is no guarantee that they will not be stolen or lost. While the theft itself is frustrating and inconvenient, the loss of information on the device could have serious long term consequences for your business.

Portable devices are designed to be easily transported and a lot of sensitive business information may be carried around outside the office, for example, sales information or customer data.

Ensure you manage the physical assets themselves as well and the security of the information they contain.

Educating employees about device and information security is critical.

Managing assets

  • Create a register of your hardware and software assets:
    • Take note of the brand, make, serial numbers and specifications for your equipment.
      .
    • Include monitors and other portable assets such as printers, scanners, speakers, pointing devices, cameras, mobile phones and storage media.
      .
    • Record the name, version number and product keys for your software.
      .
    • Keep this register in a secure location.
  • Lock portable equipment that is not in daily use in a secure cabinet.
    .
  • Create a register for staff to sign out equipment. When staff sign out equipment, remind them of relevant security procedures and obligations. Audit your register monthly to ensure equipment has either been returned or is still on loan.
    .
  • Mobile devices such as laptops, tablets and mobile phones should be encrypted and secured with apassword. Software is available to encrypt the hard drives of desktop computers to stop them being accessed if they are stolen.
    .
  • Ensure that staff do not write down passwords and keep them with the devices.

Establish an action plan

Establish a set of actions to take if business equipment is lost or stolen, and communicate them to your staff. These could include:

  • maintaining a list of serial numbers of business equipment
  • changing all passwords for online accounts previously accessed using the stolen device
  • advising your bank and/or cancelling the card if a credit card or other information was recorded on the device
  • reporting the loss to police and insurance company as soon as possible.

0 Comments

Submit a Comment

Hide picture