In this day of identity theft, malware, spyware, viruses and spam, it's more important than ever that we all take steps to safeguard our data against unauthorized access. Even though there are numerous resources available to help us accomplish this, software alone can do only so much. Maintaining network security takes diligence and the integration of strong security practices into our daily lives. Yet most of us don't do this, even though we know better.
Computer criminals count on us to implement security casually. Yet it is possible to be reasonably secure with just a little bit of effort. While it's impossible to anticipate or stop every possible attack on your system, there are steps that you can take to help minimize your exposure.
- Put a good hardware firewall between your computers and the Internet. NETGEAR, D-Link and Linksys each make good and inexpensive routers. Most are easy to configure and some even provide VPN and wireless capabilities.
- In addition to the hardware firewall used on your network, you should also consider using a personal firewall on your system. These are really effective because they monitor not only what's coming into your system, but also everything trying to get out. Products like ZoneAlarm, BlackIce Defender, Norton Firewall and Trend Micro's PC-cillin are all excellent and inexpensive choices.
- Use your router to control access to the network by enabling MAC address filtering. This limits which systems can gain access to your network by only allowing systems you specifically approve. While it's true that this technique is far from foolproof, it is often enough to thwart the casual user.
- Run Windows Update frequently. If you're unsure as to whether a security update applies to your computer, it's better to err on the side of caution and just install it. Better yet, turn on Windows' automatic update feature on your system. This way you won't forget to do it and you'll know your system is always current with the right updates.
- Run virus protection programs on all your computers. Set the scan to examine all hard disks and to continuously examine all incoming files. Check for anti-virus updates frequently, daily if possible.
- Never leave a password at its default value. Passwords should not be simple: use letters, numbers and symbols. It's better not to use names or dates you find easy to remember: your birthday, your pet's name and so on. These are examples of good passwords: kB!3cgsiz_8 or 4*4zbmn-BXY. Ideally, passwords should also be updated at least every 90 days.
- If you have a wireless network, make sure you have at least WEP or WPA/WPA2 encryption enabled. As with the password, make sure you're using a strong encryption key at the highest bit level possible, typically 128-bit. If your hardware supports it, I recommend using WPA/WPA2 instead of WEP. It's a much stronger security protocol.
- Never place your primary PC in your router's DMZ. A PC using this address is wide open to the world. Unless you have a reason to use it, your router's DMZ feature should be disabled. Typically this feature is disabled by default.
- Limit the number of shared folders on your network or turn off file sharing entirely. If you must use it, make sure that you set the folder rights to allow only specific people to gain access to its contents. Avoid using the "Everyone" rights whenever possible.
- Turn up your Web browser's security. In Internet Explorer, go to Tools > Internet Options > Security > Default Level > Security level for this zone. With Internet selected in the top box, make sure the slider is set to at least "Medium". Internet pages will display with few problems at this level. Setting the slider to "High" will be the most secure, but some pages might not display properly.
- When browsing, don't just blindly allow software to download and install on your system even with a certificate unless it's from a company you think is trustworthy or it's something you might actually need. A good example of this would be something like Macromedia Flash.
- DO NOT respond to spam. DO NOT answer messages like "Click on this link to be removed from our mailing list" unless it is a company to which you know you actually gave your e-mail address.
- Running a public server (for example, one that hosts games for other people to use, or one that serves Web pages for public viewing) causes additional security concerns. Never use your primary PC for this purpose. Use a system that can be dedicated to the task and never use that system to store any personal information. This also applies to applications like mIRC or KaZaA. Try not to use these programs on a system that contains sensitive information since they can expose you to risk.
- For the truly paranoid, you could even go so far as to disconnect your system from the Internet - or turn it off altogether when it's not being used. You can do this pretty easily by just disabling your network adapter. While some people might see this as extreme, no one will deny that it is also extremely secure.
- Whenever possible, remote access should only be performed over a VPN connection. A VPN is one of the most secure communication methods available today.
- And this last one is a personal pet peeve of mine. Resist the temptation to have your system automatically retain your account passwords. I know it's convenient, but it's also equivalent to having no security at all.
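The password rules from the list above (never the default, a mix of letters, numbers and symbols, no names or dates, changed at least every 90 days) can be checked mechanically. The following is an added example, not part of the original article; the default-password list, the function names and the sample names and dates are assumptions made up for illustration.

```python
import re
from datetime import date

# Assumed sample of factory defaults; extend it with your own devices' defaults.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "default", "changeme"}
MAX_AGE_DAYS = 90  # rotation interval recommended in the article

# Common ways a date is typed inside a password (constructed list of formats).
DATE_FORMATS = ("%Y", "%m%d", "%d%m", "%m%d%y", "%d%m%y", "%m%d%Y", "%Y%m%d")


def date_fragments(d):
    """Return the digit strings a given date usually turns into."""
    return {d.strftime(fmt) for fmt in DATE_FORMATS}


def check_password(password, last_changed, today, personal_names=(), personal_dates=()):
    """Return a list of findings; an empty list means every rule is met."""
    findings = []
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS:
        findings.append("default password still in use")
    if not re.search(r"[A-Za-z]", password):
        findings.append("no letters")
    if not re.search(r"\d", password):
        findings.append("no numbers")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        findings.append("no symbols")
    for name in personal_names:
        if name and name.lower() in lowered:
            findings.append(f"contains personal name '{name}'")
    for d in personal_dates:
        if any(frag in password for frag in date_fragments(d)):
            findings.append(f"contains date {d.isoformat()}")
    age = (today - last_changed).days
    if age > MAX_AGE_DAYS:
        findings.append(f"not changed for {age} days (limit {MAX_AGE_DAYS})")
    return findings


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed dates and passwords for the demo
    samples = [("kB!3cgsiz_8", date(2024, 4, 15)),
               ("Rex0704", date(2023, 12, 1)),
               ("admin", date(2024, 5, 30))]
    for pw, changed in samples:
        print(pw, check_password(pw, changed, today, ["Rex"], [date(1980, 7, 4)]))
```
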
Many of these features have to be configured only once or can even be set to run automatically. The more transparent the process, the more likely you'll be to implement it. These simple techniques and practices should go a long way to making your online experience more secure. Remember, data is your most valuable asset. Do whatever you can to protect it.