Quick Tips for Better IT Security

People

  • Evolve a policy for what people should and should not do with information. Enforce this policy with education and sanctions – make sure all your staff know what will happen if they do not adhere to it.
  • Minimise non-work-related browsing for both security and productivity reasons.
  • Don’t talk loudly on your mobile in public; be both careful and considerate.

Data / Information

  • Encrypt all devices and data as appropriate to their sensitivity.
  • Have a policy not only on who may view a file with sensitive information in it but also on who may print it – and what happens to that printed copy.
  • Dispose of old computers properly, including wiping all sensitive data.
  • Reduce unnecessary data traffic – don’t take or send important data anywhere it doesn’t need to go.
  • Carry out information assurance risk assessments.
  • Push your IT people to provide an automatic back-up system for your data. This relieves you of the burden of remembering to back up your system every day.
  • Don’t put business data on personal devices / memory sticks.

Equipment (hardware / software)

  • Keep an up-to-date hardware and software inventory along with a back-up of all users’ data. Doing so helps you get the user up and running faster if the worst does happen. Provide your mobile workers with top levels of support. They’re on their own and they’re generating revenue for the business.
  • Keep electronic backups of information as safe as you would the original document. IT also needs to ensure that the organisation’s web browsers are patched at all times.
  • Screens should be switched off automatically when an employee is away from his/her desk and reawaken only when a password is entered.
  • Enable local filters on web servers (both MS and Mozilla can now check against up-to-date lists of infected sites) and take note of certificate warnings.
  • Centrally enforce security policies on mobile devices. Don’t leave it up to the end-user to turn on password software, encrypt data, or keep antivirus software up-to-date.
  • Implement a back-up system to protect corporate data. Don’t expect mobile workers to back up their own systems regularly. The back-up system needs to work even over slow dial-up connections.
  • Utilise software that enables remote configuration of all your mobile systems. You can then maintain browser and security settings centrally.
  • Don’t abuse the system by loading software that could impact its use for your job. Remember that the system is a tool to help you work efficiently.
  • Report unusual behaviour, such as your computer suddenly becoming slow, the homepage changing when you are using your browser, or a file that does nothing when you open it.