The Sunday Times Sri Lanka

Five tips for Secure Business Computing

knowSECURITY
Businesses in recent times have taken advantage of new technologies and models that originated and developed in the consumer space. This is the culmination of a fundamental shift in the relationship between employers and employees. This shift has now worked its way into the world of enterprise technology. Enterprises continue to capitalise on collaborative technologies and the proliferation of mobile devices by developing applications aimed at improving employee productivity and customer satisfaction.

At the same time, the threat landscape has continued to evolve, and any disruption caused by spyware, viruses, trojans, ransomware, identity theft, and hardware and application malfunctions now has a huge impact on business. No matter how technology savvy the user, secure computing practices must provide a combination of physical protection, original software and good security settings, including secure actions by the user. This must be another layer of protection over the 11 secure tips for secure computing we shared with you in our last edition.

Below are 5 tips that will help protect your business better:

- Keep all your devices and computers updated

New software viruses emerge every day. Always run a good antivirus utility and keep Windows and browser-related components (Java, Adobe and the like) updated. Keep your browser clean to prevent adware invasions that could lead to malware infections. It is essential to use anti-virus software and keep it up-to-date. Users should be trained to check whether the anti-virus software is up-to-date and to promptly report abnormal behaviour of devices or computers to the IT helpdesk. All patch updates should be change managed and a regular audit of patch management should be carried out. Any exceptions identified should also be investigated.

Finally, a good perimeter and internal firewall should be implemented to help keep unauthorised people from snooping around your organisation’s assets. All changes to the firewall should be managed. A regular audit of firewall rules should be carried out. Any exceptions identified should be investigated. A personal firewall should be enabled on laptops and desktop computers as well.

- Create strong, secure passwords

Passwords should contain at least 8 characters with a combination of letters, numbers and symbols. Strong passwords are less likely to be hacked than very generic dictionary passwords. Using good pass-phrases helps avoid having to write down a password. Never share your passwords or pass-phrases with anyone. Passwords should be changed often. Where possible, another factor such as a one-time code delivered through SMS or a randomly generated token should be used in addition to passwords.

- Keep corporate confidential and personal information safe

Classify all corporate information based on sensitivity. All confidential information including personal information should be encrypted and sent if required via secure email. Never share confidential information using public domains.

- Scan all external devices such as USB drives connected to your laptop and desktop computers

Limit the use of all external devices such as USB drives in critical data processing areas. All external devices connected to laptop and desktop computers should always be scanned to keep malware off.

Never use mobile chargers provided in public places such as airports and transit stations. These chargers can be used to plant trojans in your smartphones, through which hackers can steal confidential and personal information.

- Back up important information

All important business and personal information should be backed up to another computer or device. The information backed up should be stored securely, ideally at another location. All backed up data should also be tested for recoverability at regular intervals.

About the writer:

Sujit Christy is a Governance, Risk and Compliance professional and Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He is the founding member and President of the (ISC)2 Chennai Chapter, Founder/President of Information Security Professional Associates (iSPA) and a board member of the (ISC)2 Colombo Chapter. He can be emailed at sujit@layers-7.com.