The Worst Security Mistakes You Can Make - Part 1
To help us flesh this story out we decided to consult with one of the top IT people in the State-Earl Ford who runs Pacific Interactive, a Honolulu based networking and systems integration company. Earl helped us formulate commentary and some solid suggestions that will help PBN readers both keep their data safe and virus free. So here's what we should not be doing:
1) Opening unsolicited email attachments without verifying their source and checking their content first.
This is a no-no that we constantly must remind ourselves of. We all get spammed on a daily basis and it's really tempting to open some of those messages. However, it's not a good idea. Sometimes even attachments from people we know might have a virus. For example a very prominent person in Hawaii government spammed a number of people with a virus embedded in an email attachment just a few months ago. It's bad enough getting infected from strangers but this guy was a friend! You can never be too careful. Even colleagues can inadvertently get you in trouble. With this in mind, it's a very good idea to have everyone of your office machines set up with anti virus software. Lately we've been using McAfee VirusScan and it's worked flawlessly. (Check them out at McAfee.com.)
2) Failing to install security patches, especially MS Office, IE and Netscape.
Not keeping up with the latest security or anti-virus updates can be costly. "Keeping up to date with security patches is essential," said Earl Ford, "because new viruses are constantly appearing and if your system can't detect them you're vulnerable to attack. All is takes is the installation of new patches which are easily downloaded from the Net. Nowadays mainstream programs such as MS Office or your IE or Netscape browser have the ability to detect viruses and warn you before it's too late."
3) Installing Screen Savers or games without safety guarantees.
There are several problems with screen savers explained Earl Ford. First of if you get a cool screen saver from a third party, there's no way of knowing where it originated. That could be problematic because it might be infected with a virus. Even if it's not, you have no idea of how the screen saver will affect your machine. It might gobble up CPU power unnecessarily or even collide with other programs on your box and crash the system. Without knowing what a screen saver or game will do, the laws of unintended consequences could wreak havoc on your system. When in doubt, don't install it!
4) Not making and testing backups.
We've been preaching for years about backing up your system and it's as true now as it has ever been. Spend the money to purchase a good backup system and then test it to see if it works. Nowadays you can purchase a tape backup for around $200 at CompUSA or order something off the Net. Another option is to check the re-writeable CDs which are rapidly becoming a standard for backup technology for small businesses and networks.
5) Connecting a modem to a phone line while the same computer is connected to a LAN.
Adding a phone line to a modem creates an extra, unsecured entry to your network that might easily be hacked. Bingo, before you know it an uninvited guest might be inside your network. If you need an extra phone line, better to let a network administrator who understands security add it.
6) Not purchasing a UPS (uninterrupted power supply) for your network or desktop machine.
Having a UPS under your desk is a no-brainer. If there's a temporary outage, or a power spike your system (and data) will be safe. If you just have a desktop machine this is a $150 investment well worth making. Our colleague and friend Shakil Ahmed, who also writes for PBN, did a great story in the July 21 issue called the "Perils of Power" which provided a great backgrounder on what to look for in a UPS. We suggest you get a copy of it.
Continuing with our series on security, in our next column we'll take a look at the seven worst security mistakes senior executives make.
Jeff Bloom is the founder of Computer Training Academy/Network Resource Center, a computer education/consulting firm based in Honolulu. His contact is firstname.lastname@example.org or 839-1200. Rob Kay is a Honolulu-based public relations practitioner who specializes in technology. He can be reached at email@example.com or 539-3627. Suggestions for column topics are welcomed.
Published Sept 8, 2000