Securing your office computer system | ||
|
21 November 2001 In a recent
court case in Sydney a former systems administrator pleaded guilty to deleting
routing tables and system files on a computer system. This shows what the greatest
risk to your business data is: You and your staff. While the risk of an evil hacker breaking into your network or of a virus wiping
your data is real. The biggest risk is users accidentally wiping important data.
The second biggest risk is malicious damage by staff. While most small businesses are not exposed to losses like greengrocer.com.au,
who claim to have lost 136,000 dollars as a result of their former system administrator's
actions, losing all your business data would be catastrophic. There are steps
you should take to reduce the risk. With a network you should have some sort of security in place. For instance
on a Windows 95/98 or Apple network you might have the shared accounts or staff
record files password protected so only those with the password can access those
files. The main reason for this is to prevent people accidentally deleting or
altering files. If you have proper server systems such as Windows NT/2000, Unix/Linux,
Netware or Apple IP then you can allocate proper access rules and privileges. Even if you are running the most secure systems and have different level passwords
for different groups you are still at risk. If your accountant or bookkeeper
leaves on bad terms they will have access to the accounts. If, as in the above
court case, your system administrator leaves then they probably know all your
Files encryption programs, including the features built into Windows 2000 and
XP Professional have their uses, particularly for laptop users. But as an office
security feature they are not a perfect solution. The danger with them is that
the password on frequently used files becomes common knowledge in an office.
If you do use encrypted files, make sure they are backed up in an unencrypted
form and never, ever forget the user passwords. Internet access presents risks of its own. This is where the most publicised
breaches and scares happen. You should have a firewall on your system, anti-virus
software installed and a server should not be directly connected to the Internet.
The most common problem for small business is that staff know the Internet
access passwords. This allows anyone to access the Internet using the businesses
account and gives any staff member the ability to access the businesses' e-mail.
It is essential that Internet access passwords are kept confidential. Allowing users to log in from outside the office is a great advantage, it allows
the boss to update the books without having to come into the office. It allows
staff to access documents and records while on the road or from home. The problem
is that it is also a security risk. All remote access should be granted only to those who need it and each person
should have their own password. No-one should have a blank password and there
should be no default, guest or any other generic accounts available. When a
person leaves your business disable their remote access account immediately. Most staff wouldn't think of damaging your business on leaving, but some might.
Once a staff member leaves, it is essential to change any passwords that person
used. It is also a good idea to make a backup of the data they use as soon as
practical after they give their notice. If your business's passwords are based upon kids or pet's names, people's birthdates
or car registration numbers, then you are at risk of an ex-employee, contractor
or even competitor being able to access your system. Make sure your passwords
are sufficiently obscure to make getting into your important files difficult. While you can make it harder for people to access your data it is impossible
to be completely secured. You have to backup your data. Backing up not only
protects you from disillusioned staff, but also from all the other misfortunes
that could affect your small business network. Getting a backup system is not
a luxury but a necessity, we discuss backup systems in a previous
small business help desk. It is impossible to guarantee that your data will always be safe. By following
a few basic precautions you can reduce the likelihood of losing data. Remember
that your hardware and software can be replaced, your data cannot.Securing your office systems
Password protection
administrative passwords.Encrypting files
The Internet
Remote Access
When a staff member leaves
Backing up data
PC Rescue Pty Ltd
Suite 236, 4 Young Street Neutral Bay NSW 2089
ABN 082 635 765
ŠTechnology Publishing Australia, 2011