5 Tips to Improve Windows 7 PCs Security - Page 2

By Joseph Moran
  • Print Article
  • Email Article

Windows 7 Small Business Security Tips (continued)

3. Set PCs to Lock After Inactivity

Employees often get called away from their desks several times during the course of the work day. Depending on the duration and frequency of these sojourns, they can leave a PC logged in but unattended for long periods, during which passers-by -- e.g. another employee or an office visitor --can obtain unauthorized access. (Then there’s the person who logs in on Monday morning and out on Friday afternoon, leaving the computer accessible after hours to cleaning personnel and the like. )

Password protect Windows 7 screens

Figure 2: By password protecting the screen saver and setting an idle time that triggers it, you can ensure that an unattended PC isn’t accessible to passers-by.

You can guard against this kind of unauthorized access by configuring computers to automatically lock after a specified amount of idle time, ensuring the user’s password will be required to regain access. Particularly when used in conjunction with the password complexity described above, requiring people to enter their passwords multiple times over the course of a day should help them remember them better.

Here's how to configure a system to lock:  search for and run gpedit.msc (Local Group Policy Editor) from the Start menu. Under User Configuration, Administrative Templates, double-click Control Panel, then Personalization. Now double-click Screen saver timeout, chose Enabled, and specify the idle time in seconds (you’ll have to do a bit of math here; the default setting of 900 is 15 minutes).

Then find the Password protect the screen saver setting (it should be just above). Enable this one as well -- there are no options to set -- and you’re all set. (Note that this will work whether or not the user actually has a screen saver configured.)

4. Preventing Writing Data to USB Storage, DVD and CD Discs

USB flash drives and hard drives (as well as writable DVD/CD drives) are a double-edged sword; they make it enormously convenient to store and transport large amounts of data, which in turn makes them an excellent way for an employee to take unauthorized personal copies of company files off-premises.

There can certainly be legitimate reasons to have USB storage devices in the workplace, but if your business doesn’t need them, you can lessen the odds of information theft by ensuring that your computers can’t write to USB devices. (You’ll still be able to read to them, though).

Small business security; prevent recording to USB devices

Figure 3: If your business can live without them, preventing a PC from writing to USB storage devices -- or burning DVD or CD discs, can foil unauthorized employees from making unauthorized copies of company data.

To prevent a computer from writing data to a USB storage device, open gpedit.msc (Local Group Policy Editor) from the Start menu, then double-click Computer Configuration, Administrative Templates, System, and finally, Removable Storage Access. Now find the setting labeled Removable Disks: Deny write access and set it to Enabled.

Similarly, to block the burning of DVD or CD discs, set CD and DVD: Deny write access to Enable as well. Note: Denying write access to DVD/CDs will only prevent the use of Windows’ built-in burning feature. It won’t stop someone from using third-party disc burning software, so be sure there are no such programs on the system already. (And by following step number one, you’ll prevent anyone from installing such software on the computer in the future.)

5. Keep Up with Operating System and Other Software Updates

Keeping the Windows operating system and other software current with the latest updates isn’t a priority for many small businesses, but it should be. For starters, all your Windows PCs should be set to automatically download and install important updates (those that address security vulnerabilities).

You can check this by searching for and running Windows Update from the Start menu and then clicking Change settings. If you really want to see the updates first and apply them manually, use the Download updates but let me choose whether to install them option, so that any updates you decide to install will at least be downloaded in advance.

In addition to Windows, it’s also important that you keep third-party software up-to-date as well, particularly Adobe Flash, Adobe Reader, and Java. These ubiquitous pieces of software are big targets, and new security flaws are always being identified and patched, so when any of these programs informs you of an available update, be sure to download and install it ASAP.   

Read Even More About Small Business Security

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7, from Friends of ED.

Page 2 of 2

Previous Page
1 2
This article was originally published on May 09, 2012
Thanks for your registration