10 Questions - Getting Started with Information Security :: Introduction

Welcome to 10 Questions - Getting Started With Information Security.  We pose here 10 questions that you can answer with a simple yes or no.  Understanding these questions, and why you must answer yes, will help you get started in understanding how to make your business (or home) technology secure.  If you answer no to any of these questions, get to work on resolving whatever is preventing you from saying yes.

While these questions are largely focused on the small business owner, or person responsible for technology at the small business, most are applicable to the home as well. 


10 Questions - Getting Started with Information Security :: The Questions!

1) Do you have a current inventory of your technology assets?

  • Knowing what you have is the first step in being able to protect yourself and those assets.  Create an inventory of what you have.  Include hardware, operating systems, and software.

2) Does your organization have antivirus and anti-spyware software installed on all desktops, laptops, and servers that are kept up to date with the latest signatures?

  • Having antivirus software alone is not the key to keeping your machine safe; it also must be updated.  We recommend setting your antivirus software to download signatures once a day.

3) Are the machines on your network regularly updated with the latest operating system and software updates?

  • The creators of worms and viruses often exploit known errors or issues in the operating system or other desktop software.  By ensuring your operating system and desktop software are up to date, you are making it more difficult for the malcontents of the Internet to infect your machine.

4) Does your organization have a "Perimeter" firewall?  (A perimeter firewall separates your corporate network from the Internet)

  • Put a machine that has not been patched straight on the internet and within 15 minutes or less you will probably already have a piece of malicious software on it.  A perimeter firewall helps prevent malicious software that scans the internet for vulnerable machines from finding yours.  If you are a home user with a cable modem or DSL connection, make sure you have a router with a built-in firewall between your machine and the internet.
  • It is also highly recommended that you employ a desktop firewall.  This gives you an extra level of protection, especially if you have more than one machine on your network or you connect your machine to different networks (for example, in a coffee shop or hotel).

5) Do you know where (which machines and location) all essential data is stored?

  • When users create and save documents, where are they stored?  A network share? The user's desktop? The user's "My Documents" folder?  How many of these documents are essential to your business?  What would happen if they were all lost?  What would happen if they fell into the wrong hands?
  • You must have an inventory of your data and documents and know where they are located.  This is the first step to protecting that data from loss.  The next step is to ensure it is backed up.

6) Are all essential business data backed up on a regular basis?

  • There are two types of data: data that is backed up, and data that has been, or is going to be, lost.  Disks crash, computers get lost or stolen, and all types of acts of nature can occur.  Backing up data is essential not only to your peace of mind, but to ensuring you can continue to function should you lose your drive or should disaster befall your business.

7) Have you verified that the backups referred to in question 5 are restorable (i.e. you have actually tested that you can retrieve the data from the backup media)?

  • Could you imagine taking every possible step to protect your data and when the day comes that you have to pull out the backup media (tape, disk, CD or DVD), it doesn't work?  All your hard work to ensure you protected yourself, or business, will seem like a fruitless effort.  Backups can fail.  Tapes go bad, disks can get scratched, external drives and thumb drives can fail.  Make sure you verify those backups.
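
An added example (not part of the original page) of the restore test described in question 7: it records a checksum manifest when the backup is made, restores the archive into a scratch folder, and compares every restored file against the manifest. The tar.gz format, the file names and the function names are assumptions chosen for illustration, and the sample data is constructed.

```python
import hashlib, os, tarfile, tempfile

def sha256_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def make_backup(source_dir, archive_path):
    """Write the backup and return a manifest of what it should contain."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    return sha256_tree(source_dir)

def verify_restore(archive_path, manifest):
    """Restore into a scratch folder and compare every file with the manifest."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                tar.extractall(scratch)  # archive is our own backup, not untrusted input
            restored = sha256_tree(scratch)
        except Exception as exc:  # any failure to read the media means "not restorable"
            return {"restorable": False, "error": repr(exc), "missing": sorted(manifest), "changed": []}
    missing = sorted(p for p in manifest if p not in restored)
    changed = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return {"restorable": not (missing or changed), "error": None, "missing": missing, "changed": changed}

def demo():
    """Constructed sample: back up two small files, then test a good and a damaged copy."""
    with tempfile.TemporaryDirectory() as work:
        data = os.path.join(work, "data")
        os.makedirs(os.path.join(data, "clients"))
        for rel, text in (("invoices.csv", "id,amount\n1,250\n"), (os.path.join("clients", "list.txt"), "Acme\n")):
            with open(os.path.join(data, rel), "w") as fh:
                fh.write(text)
        good = os.path.join(work, "backup.tar.gz")
        manifest = make_backup(data, good)
        bad = os.path.join(work, "damaged.tar.gz")
        with open(good, "rb") as src, open(bad, "wb") as dst:
            blob = src.read()
            dst.write(blob[: len(blob) // 2])  # simulate failing media: half the archive is gone
        return verify_restore(good, manifest), verify_restore(bad, manifest)

if __name__ == "__main__":
    print(demo())
```

Keeping the manifest with the backup, rather than hashing the live files later, means the check still works after the originals have changed or been lost.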

8) Are backups stored off site in a safe and environmentally controlled location?

  • If you're a home user you may want to regularly store backups in a safety deposit box at your local bank.  For business, depending on your size, look into off site solutions for backups.  Backups stored in the same location as the critical data leave a hole when there is a fire, flood, or other localized disaster.

9) Do you have a documented information security policy?

  • This and the next question apply to business.  If the answer is no, take some time to explore what an information security policy is, and then develop one for your organization.  If you don't know where to start, SecureResearch can help.  Give us a call to discuss your options.

10) Do you have a documented acceptable use policy?

  • You walk past a user's desk and see them browsing websites unrelated to your business.  What do you do?  What can you do?  An acceptable use policy helps set out what employees and contractors are and are not permitted to do on business systems.  These policies help give you better legal footing should you need to take corrective action against an employee who is using a computer or the company network for non-business purposes.