Best security practices
Tue, 1st Feb 2011
FYI, this story is more than a year old
- Close security gaps: laptops travel, and contractors and visitors connect to your network. Protect network endpoints, not just perimeters.
- Integrate defences: combine anti-virus, firewall, intrusion detection and vulnerability management at endpoints, and add encryption if they travel.
- Patch software: threats evolve, so close vulnerabilities quickly by applying updates from Microsoft and other software providers.
- Update virus definitions: keep your virus definitions up to date so your anti-virus software recognises new threats.
- Alert employees: warn them about attachments and links in unexpected email, and in software downloads before they are scanned for viruses.
- Don't invite trouble: file-sharing services and websites may install malicious code automatically. Stop them with training, policies and software.
- Strengthen passwords: require passwords that mix letters and numbers – never names or dictionary words – and change them often.
- Schedule backups: implement and enforce backup schedules for your servers, desktops and laptops – and automate as much as you can.
- Back up complete systems, too: a ‘down' server means lost business, so back up the operating system, applications, configurations and settings, not just files.
- Keep off-site backups: make sure files and systems can survive fire, flood, vandalism, sabotage, loss of your facility, or even a regional disaster.
- Test backups: don't wait until recovery to discover a resource, process or technical shortcoming – test the entire cycle.
- Get help: find a local IT partner whom you trust, who understands and can help with both your business and technical requirements.