As IT and the Internet mature, we are all becoming much wiser about many of the online threats facing us personally and the organisations where we work.
However, cyber criminals are becoming cleverer and more sophisticated too! New threats, different ways of attacking network and information systems, and more sophisticated malware demand that we keep alert at all times. Ongoing training for all members of staff across the organisation is your first line of defence. You need to keep them informed about the latest threats and what they should and shouldn’t do.
Of course, having policies in place to deal with staff use of business communications and the Internet whilst at work is a priority.
IT security tips
We’ve listed 53 essential IT security tips for you to consider. We can also provide general training courses in Information Security for staff throughout the year with our top-qualified IT security specialists.
Threat – virus and other software attacks
- Tip 1 – Introduce virus-checking software.
- Tip 2 – Use a properly-configured firewall between your systems and the Internet.
- Tip 3 – Do not open suspect emails or attachments.
- Tip 4 – Only enable preview panes once you have removed all suspect emails.
Threat – theft of laptops, personal devices and other hardware
- Tip 5 – Maintain a list of your equipment (including serial numbers) and check your physical security.
- Tip 6 – Control access to business premises and computer systems.
- Tip 7 – Encrypt sensitive data.
- Tip 8 – Password protect your hard drive and data.
- Tip 9 – Mark your postcode on all hardware with an ultra-violet pen.
- Tip 10 – Regularly back up essential files and store copies in a secure place, away from the premises where the computers are used.
Threat – theft of Intellectual Property / copying of information
- Tip 11 – Make safe your customer or prospect lists, ideas and designs, and correspondence.
- Tip 12 – Check who has access to your systems and log usage.
- Tip 13 – Check physical security of computers and back-up files.
- Tip 14 – Make sure all your security staff are adequately vetted.
Threat – mishandling of personal information
- Tip 15 – Notify the Information Commissioner that you process personal information.
- Tip 16 – Ensure you understand the 8 Data Protection Principles.
- Tip 17 – Don’t allow your computer screens to be viewed from the street.
Threat – financial fraud and theft on-line
- Tip 18 – Understand the risks associated with different types of ‘card not present’ transactions, including cardholder not receiving goods, or goods sent to another address.
- Tip 19 – Validate new customers and suppliers using published information from trusted sources.
- Tip 20 – Obtain an online credit status report and electronic identity check.
- Tip 21 – Report fraud or attempted fraud to your local Police.
Threat – unauthorised email access/misuse/abuse
- Tip 22 – Protect email systems against accidental misuse.
- Tip 23 – Ensure workers know about policies on sending or publishing illegal or offensive materials via email or on a website.
- Tip 24 – Check that the policies are lawful and enforceable.
- Tip 25 – Always ‘inform’ users that you may monitor their communications.
Threat – unauthorised Internet browsing
- Tip 26 – Protect your website against accidental misuse.
- Tip 27 – Ensure workers know about policies on viewing non-work related websites or visiting offensive or illegal websites.
- Tip 28 – Check that the policies are lawful and enforceable.
- Tip 29 – Always ‘inform’ users that you may monitor their communications.
Threat – sabotage of data
- Tip 30 – Protect against unauthorised amendment or deletion of records to disrupt the business or for financial gain.
- Tip 31 – Ensure that regular back-up copies are securely stored.
- Tip 32 – Check data regularly for changes in nature or size.
- Tip 33 – Adopt vetting procedures for workers doing tasks deemed higher risk.
Threat – identity theft
- Tip 34 – Protect against impersonation and developed identities.
- Tip 35 – Do not provide personal information without validating the identity of the organisation making the request.
- Tip 36 – Implement security measures to prevent theft of business records for use in identity theft.
- Tip 37 – Use identity authentication and credit status checking services.
Threat – spoofing attacks/passing off
- Tip 38 – Protect against impersonation of the business.
- Tip 39 – Forward the email to the sender’s ISP for action and adjust your filters to block unwanted email.
Threat – denial of service attack
- Tip 40 – Protect against attempts to prevent legitimate users of a service from accessing or using the service, including ‘flooding’ a network with mass e-mail and disrupting connections between machines.
- Tip 41 – Contact your ISP if you suspect an attack.
Regularly practise restoring files onto your systems
- Tip 42 – Draw up a set of comprehensive computer/information security policies for yourself and your staff.
- Tip 43 – Maintain a list of your equipment (including serial numbers) and check your physical security.
- Tip 44 – Introduce virus-checking software.
- Tip 45 – Use a properly configured firewall between your systems and the internet.
- Tip 46 – Do not open suspect emails or attachments.
- Tip 47 – Only enable preview panes once you have removed all suspected emails.
- Tip 48 – Control access to business premises and computer systems.
- Tip 49 – Password protect your hard drive and data.
- Tip 50 – Mark your postcode on all hardware with an ultra-violet pen.
You’ll notice that some of these tips are repeats. That’s deliberate, to get you into the regular cycle of IT security management: Plan Do Check Act, Plan Do Check Act, Plan Do… you know what I’m saying.
And for those of you who were expecting 53 tips instead of just 50… in the time it took you to read to the end of this article, 3 more people in the UK became victims of identity theft.
Just goes to show that 3 is a magic number!