Thursday, July 22, 2010

Top 10 Network Security Mistakes

Businesses use networking to connect their employees to one another and create a productive shared work environment. However, in their haste to get the network up and running, some businesses do not take the time to make sure all security measures are in place.
Here are a few common network security mistakes:
  1. Improper password use. Passwords are the simplest form of security. By leaving passwords blank or simple (i.e., password or admin), unauthorized users are practically invited to view sensitive data. Passwords are more secure when they contain both letters and numbers in a combination of upper-case and lower-case characters, and they should be changed periodically.
  2. Lack of education. Educate users in the use of their software, especially with regard to e-mail, attachments, and downloads. They need to know exactly what kinds of threats are out there. Uneducated computer users are often those who fall victim to viruses, spyware, and phishing attacks, all of which are designed to corrupt systems or leak personal information to a third party without the user’s consent.
  3. No backups. Laziness is one of the biggest security threats. It’s considerably more difficult to completely re-create a crippled system than it is to take the time to create proper backups. Create backups often, and do not immediately overwrite them with the next set of backups. In addition, make copies and keep them off-site in case of emergency.
  4. Plug and surf. Unfortunately, computers are not designed to be connected to the Internet straight out of the box. Before a phone line, Ethernet cable, or wireless card is anywhere near a new computer, install a line of defensive software. Ideally, this should include virus protection, multiple spyware scanners, and a program that runs in the background to prevent malicious software from ever being installed.
  5. Not updating. What good are all those virus and spyware scanners if they’re not updated? It’s crucial to update what are called the “virus/spyware definitions” every week. This keeps the scanners up-to-date to detect the latest malicious software.
  6. Ignoring security patches. Security holes may exist in your operating system. No software is perfect. Once an imperfection or hole is found, it’s usually exploited within a very short period of time. Therefore, it is imperative to install security patches as soon as possible.
  7. Trust. Ads on the Internet have become devious and deceptive. They now appear as “urgent system messages” and warnings designed to scare users into clicking. As a rule of thumb, if a popup window contains an ad claiming to end popups, chances are it’s a scam of some sort.
  8. Not using encryption. Encryption is especially important when dealing with banking and credit cards. Storing and transferring unencrypted data is the equivalent of posting that data for everyone to see. If you’re not comfortable implementing encryption technology, have an IT specialist assist you.
  9. Trying to do it all yourself. Setting up a network, applying proper security measures, and downloading and installing software can be tricky. Large companies have IT departments. Small business owners should also ask for advice or even hire help. It’s worth the extra cost.
  10. Proper instruction. Security measures are most effective if everyone is aware of how the system operates. Give employees a brief overview of the security measures they’re expected to follow.