
VULNERABILITIES!
ARE YOU
READY?
How well are your
business computers protected from potential prying eyes? With the events of 11
September, you can expect cyber-terrorism attacks on your web sites and even your
e-mail!
Increase your
business's overall security posture.
Do you have an
internal cyber-incident response team (CIRT)? They should be on alert, and
aggressively monitor Internet activity on all systems.
Do you have a
security plan written up and in place for your business?
Evaluate established
security plans in light of recent events, and update as needed. If no CIRT
exists, consider forming one or contracting with an external provider to
evaluate systems. Define how the enterprise will notify and interact with law
enforcement or other government agencies in the event of an attack (if this has
not already been done).
Evaluate and test
physical security procedures, including access to facilities and interaction
with electronic systems. Response to bomb threats — which may be received via
e-mail, instant messaging or traditional sources — should be included in the
evaluation. Review procedures for performing background checks: These checks
should be conducted, at minimum, on individuals with access to key information
and resources (e.g., e-commerce servers). Certain types of enterprises may
require more-detailed checks, or checks on all employees. Remember that some
low-level or contract staff (e.g., cleaners) may have access to all physical
premises and the systems in them.
Ensure that
critical decision makers and the CIRT have multiple communication methods
available to them. They should not have to depend on telephone service (landline
or wireless), e-mail or any single communications method. Ensure that contact
information (e.g., telephone numbers and e-mail addresses) is up to date and
appropriately distributed.
Immediately update
all systems with current security patches. Remember that even a desktop computer
can be used to compromise servers or launch internal and external attacks.
Preparations should include remote laptops and home computers with virtual
private network (VPN) access; remote users should be given simple procedures to
follow to update their systems. Remember, if the procedure is too
complicated, it will NOT be followed!
Update virus
signatures daily or more frequently. Scan for viruses at the firewall or server;
do not depend on synchronization of the signature files of desktops and laptops.
Perform full scans on all systems, using the latest signatures, to ensure that
they are not already infected. Remember that many users may manually shut down
their scans if they are executed during working hours.
MAKE SURE YOU HAVE THE
LATEST NORTON ANTI-VIRUS SOFTWARE INSTALLED, AUTO PROTECTION ENABLED AND EMAIL
INCOMING AND OUTGOING SCAN ENABLED!
DO NOT ALLOW USERS TO
BRING IN GAMES AND OTHER PROGRAMS FROM THE OUTSIDE ON FLOPPY DISKETTES!
Initiate
vulnerability assessments, including penetration testing. These assessments must
be performed by trained security professionals, not overtaxed systems
administrators. The enterprise's security program should include vulnerability
assessment and penetration testing as part of its regular procedure.
Disable all
inactive e-mail accounts. Examine user account lists on all systems,
removing all unnecessary default accounts. Change passwords REGULARLY on root
and administrator accounts. Review help desk and password reset procedures.
NEVER-EVER
use information such as employee numbers, Social Security numbers, phone numbers
or addresses for authentication of calls for password resets.
Constantly monitor
publicly accessible Web sites for possible security breaches. These checks
should be performed at least every hour, and more frequently if the enterprise
has been identified as a prime target of a cyber-attack.
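
An added example, not part of the original page: one way to run the hourly web site check described above is to compare each fetched page with a hash of its approved content and to flag checks that have lapsed. The paths, page bodies and the `audit` helper are assumptions constructed for illustration; fetching the pages is left to the caller.

```python
import hashlib

HOUR = 3600  # the page's minimum check frequency: at least every hour

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def audit(baseline, observations, now, max_age=HOUR):
    """Compare fetched pages with the approved baseline.

    baseline:     {path: sha256 hex of the approved content}
    observations: {path: (checked_at_epoch, body_bytes or None if fetch failed)}
    Returns (path, finding) tuples ordered by path; empty means all clear.
    """
    findings = []
    for path in sorted(set(baseline) | set(observations)):
        if path not in observations:
            findings.append((path, "never-checked"))
            continue
        checked_at, body = observations[path]
        if now - checked_at > max_age:
            findings.append((path, "stale-check"))   # the monitoring itself lapsed
        if body is None:
            findings.append((path, "unreachable"))
        elif path not in baseline:
            findings.append((path, "unexpected"))    # published outside change control
        elif digest(body) != baseline[path]:
            findings.append((path, "changed"))       # content no longer matches approval
    return findings

# Constructed sample data (hypothetical site, not from the original page).
APPROVED = {
    "/index.html": b"<h1>Welcome to Example Co.</h1>",
    "/contact.html": b"<p>Call 555-0100</p>",
    "/orders.html": b"<form action='/buy'></form>",
}
BASELINE = {p: digest(b) for p, b in APPROVED.items()}
NOW = 1_000_000
OBSERVED = {
    "/index.html": (NOW - 600, b"<h1>Replaced</h1>"),              # content differs
    "/contact.html": (NOW - 2 * HOUR, APPROVED["/contact.html"]),  # last check too old
    "/new.html": (NOW - 600, b"<p>?</p>"),                         # not in the baseline
}   # /orders.html was never fetched

def demo():
    return audit(BASELINE, OBSERVED, NOW)

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding:14} {path}")
```
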
Examine security
practices for remote access, including dial-up lines, extranets and VPNs. Change
encryption keys on all VPNs.
Monitor
security distribution lists for the latest updates and trends.
Educate users to
expect an increase in unwanted cyber-activity. Establish clear mechanisms —
e.g., a telephone number and an e-mail address for reporting suspicious
activities — that personnel can use to report any unusual online or offline
activity. This is important, because users may not be able to recognize the
difference between information security breaches and physical security threats.
If enterprise IT
functions, including Web hosting, are outsourced, review the outsourcers'
security policies.
Have a safe place to
store your business's software, off site.
If you had a
computer crash and needed to have your software re-installed, you should know
where the software is, and where the license keys are.
In the case of an
emergency, make sure you have pre-planned a way to communicate with all of your
employees, including those who are working from a home office or who are on the
road.
In case of a
system failure, do you know what alternatives to try (and in what order)? How
to communicate with one another? What communications are essential, and what
communications can be deferred to avoid further strain on resources?
Just like fire drills, you MUST practice COMPUTER EMERGENCY DRILLS!