From home PCs to corporate computer networks, there is always the potential for becoming a victim of computer crime.

Technologically savvy thieves can steal your personal information and your identity, or your company’s confidential strategy plans, customer information and financial data, with a quick click of a button.

The question remains: are you and your employees shrewd enough to stay ahead of the threats, both external and internal? Take this short quiz (and print it out for others to take) to help assess how up to date you are on the software and methods needed to keep your personal and business data secure.

Answer each question True or False. The answers are at the bottom of the article:

1. You are the only person who uses your office computer and you make sure you never leave your office without locking the door. Being that careful means you don’t need a startup login and password.
2. You receive an e-mail from your bank asking for confirmation of some of your personal information or from one of your Information Technology (IT) employees advising you to download and install a patch to plug a security leak in your company’s software. Before following the directions on either e-mail you should verify that the e-mail is legitimate.
3. Your employees often must work remotely through the Internet using your organization’s virtual private network (VPN), which has the most up-to-date and secure encryption technology available. When those staff members load the VPN software onto a computer at a hotel, conference center or Internet cafe, they can perform even the most confidential business transactions with total confidence that the data remains secure.
4. You have seen employees violate your company’s acceptable use policy (AUP) by downloading mp3s or videos on their breaks. But they aren’t disturbing colleagues, their productivity remains high and you think that the music keeps their morale high. You should not take any action to prevent the downloads because it would damage morale more than it would bolster security.
5. A member of your IT staff quits on short notice. You make sure the individual turns in security passes, keys or keycards, and you delete the person’s logins and passwords from your business’s network. The organization is now secure from any potential threat from this former employee.
6. Using Wi-Fi Protected Access (WPA) encryption and media access control (MAC) address filtering on your company’s wireless access point is not enough security to allow confidential Internet transactions from remote computers.
7. The more antivirus software you install the better your protection from malicious software that can damage your computer or business network.
8. Never use wired equivalent privacy (WEP) encryption on Wi-Fi networks.
9. Your organization is in an information intensive industry such as banking, insurance, or legal services so you have installed the most sophisticated, advanced and up-to-date security program known to man. It makes sense to try to capitalize on this by creating a multimedia ad campaign around your business’s impenetrable security.
10. Natural disasters, terrorist attacks or frequent power outages led your company to install surge suppressors and uninterruptible power supply (UPS) battery backups on its network. The battery backups are configured to supply power for six hours. As a result, your company’s staff can continue working for that long during any power disruption.

Answers

1. False. Without a startup password an intruder may be able to copy data from your computer’s hard drive. While it seems a nuisance to use IDs and passwords every time you start your computer, that minor hassle is worth it when compared to the possibility of having critical business and personal data stolen or deleted by an intruder.

Using your computer’s default administrator account leaves it vulnerable to viruses. Information security specialists often advise using two logins: one as administrator with full access and another that allows only restricted access. For your daily work tasks you would use the restricted login, which gets you into only those programs you need to work. This helps add protection from the threat of bugs entering your PC, being triggered, and performing whatever malicious tasks they were designed for. You would use the administrator login for adding programs or software purchased from a legitimate and reliable vendor.

2. True. A common computer scam, phishing, involves sending e-mails that appear to be from a trusted and legitimate source, whether an employee or an organization with which you generally do business. The e-mails direct you to a link that in reality takes you to a site that — however legitimate it may look — is actually an Internet hub where Trojans or other malicious programs can automatically be installed on your computer. Before clicking on any link in an e-mail, always verify that the individual or company actually sent it. Never follow directions in an e-mail until you are convinced it is genuine.
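One mechanical check that backs up the advice above is to look at where an e-mail’s links actually point before anyone clicks them. The script below is an added example, not code from the original article: it parses a small constructed HTML message, and flags any link whose visible text shows one address while the `href` goes somewhere else, whose host is a raw IP address, or whose host is not under the sender’s domain. The message, the sender address `alerts@examplebank.com` and the hosts in it are all made up for the example; the domain-matching helper is a deliberately naive two-label comparison rather than a public-suffix lookup.

```python
"""Flag suspicious links in an e-mail before anyone follows them (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Constructed sample: a message that claims to come from a bank.
SAMPLE_HTML = """
<p>Dear customer, please confirm your details:</p>
<a href="http://203.0.113.10/login">https://www.examplebank.com/login</a>
<a href="https://examplebank.com.evil.example/verify">Verify account</a>
<a href="https://www.examplebank.com/help">Help centre</a>
"""
SENDER = "alerts@examplebank.com"   # constructed sender address


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def registrable(host):
    # Naive: last two labels. Good enough here; a real tool uses the public suffix list.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html, sender):
    """Return [(href, [reasons])] for every link that deserves a second look."""
    sender_domain = registrable(sender.split("@")[-1].lower())
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        host = host_of(href)
        if is_ip(host):
            reasons.append("raw IP address")
        if registrable(host) != sender_domain:
            reasons.append(f"host {host!r} is not under {sender_domain}")
        # Visible text looks like a URL but the link goes elsewhere.
        shown = re.match(r"https?://([^/\s]+)", text)
        if shown and shown.group(1).lower() != host:
            reasons.append(f"text shows {shown.group(1)!r} but href goes to {host!r}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_HTML, SENDER):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the first two links are reported and the third (a genuine `www.examplebank.com` link) passes. The third check is the one that catches the classic phishing trick the answer describes: a link that reads like the bank’s address but resolves to somewhere else.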

3. False. While VPNs offer an extremely high degree of protection and are perfectly adequate for remote access using a personal laptop, they do not provide protection from threats posed by publicly accessed computers. Computer security specialists note that public networks such as those in conference hall lounges are prone to vulnerabilities. As a result, an employee could unwittingly send a virus through your company’s VPN.

4. False. Those employees could be violating copyright laws and exposing your business to legal liability. In addition, viruses can piggyback on media files to enter your company’s network and can even be disguised as media files. Moreover, media files can be quite large and bog down your organization’s network. The bottom line, however, is that a lax approach to enforcing the company’s AUP can prompt employees to become slack in adhering not only to that policy but other company guidelines as well.

5. False. IT employees can easily plot ways to take advantage of their knowledge of your company’s technology and security. They could plant technological time bombs that detonate after they have left the enterprise and cause major damage, create super passwords that can be used to block access to administrative functions, and make changes that leave the network vulnerable or unusable. Your company should have detailed policies and procedures for the termination of IT employees to prevent last minute scrambling and to enhance the overall security of its network.
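Deleting the person’s own login is only the first step; the footholds the answer warns about (a job scheduled to fire later, a key planted in another account, a standing sudo grant) live in other files. The script below is an added example, not part of the original article or any product: it takes the text of a few Unix system files (constructed here, normally read from the host) and lists every place a named user still has access. The username `jdoe`, the service account and the key strings are all made up, and the key material is an obvious placeholder.

```python
"""Audit for access left behind by a departed administrator (added example)."""

USER = "jdoe"   # constructed: the departed IT employee

# Constructed file contents, in the usual Linux formats.
PASSWD = """root:x:0:0:root:/root:/bin/bash
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash
svc-backup:x:1002:1002::/var/lib/backup:/usr/sbin/nologin
"""
ROOT_AUTHORIZED_KEYS = """ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1 ops@bastion
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER2 jdoe@laptop
"""
SYSTEM_CRONTAB = """0 3 * * * root /usr/local/bin/backup.sh
*/5 * * * * jdoe /home/jdoe/.cache/.sync.sh
"""
SUDOERS = """root ALL=(ALL:ALL) ALL
jdoe ALL=(ALL) NOPASSWD: ALL
%admin ALL=(ALL) ALL
"""

NO_LOGIN_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")


def audit(user, passwd, authorized_keys, crontab, sudoers):
    """Return a list of findings describing where `user` still has a foothold."""
    findings = []

    # 1. Is the account still able to log in? (/etc/passwd: name:x:uid:gid:gecos:home:shell)
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user and fields[6] not in NO_LOGIN_SHELLS:
            findings.append(f"account {user} still active with shell {fields[6]}")

    # 2. Keys in another account's authorized_keys. The key itself carries no owner,
    #    so the comment field is the only clue; treat every unknown key as suspect too.
    for line in authorized_keys.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and user in parts[2]:
            findings.append(f"SSH key tagged {parts[2]!r} still authorized for root")

    # 3. System crontab: minute hour dom month dow USER command
    for line in crontab.splitlines():
        parts = line.split(None, 6)
        if len(parts) == 7 and (parts[5] == user or f"/home/{user}/" in parts[6]):
            findings.append(f"cron job runs as or from {user}: {parts[6]}")

    # 4. A direct sudoers grant for the user.
    for line in sudoers.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == user:
            findings.append(f"sudoers grants {user}: {line.strip()}")

    return findings


if __name__ == "__main__":
    for finding in audit(USER, PASSWD, ROOT_AUTHORIZED_KEYS, SYSTEM_CRONTAB, SUDOERS):
        print("-", finding)
```

On the sample data the audit reports four items for `jdoe` and nothing for the `svc-backup` service account. The same four places (login shells, other accounts’ SSH keys, scheduled jobs, sudo rules) belong on the written termination checklist the answer recommends, so that the check is routine rather than a last-minute scramble.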

6. True. WPA and wired equivalent privacy (WEP) encryption protect only the link between the remote computer and the access point. There must be more encryption beyond the access point and along the network path. Specialists recommend adding encryption such as a Secure Sockets Layer (SSL) VPN or secure HTML (SHTML) to bolster security.

7. False. Antivirus programs may often be in competition, slowing down the network, potentially interfering with each other’s purpose, and even delivering false positives when they scan for intrusive software. One antivirus software program is sufficient, but be sure you keep it updated.

8. False. Years ago WEP was cracked, but these days the ability to do that is far beyond the skills of most hackers and the encryptions have become more effective. If your network includes some older equipment you may have no choice other than to use WEP; in order to use the more complex and secure WPA encryption, every computer on the network must be compatible with it. WEP is not as secure as WPA, but it is better than nothing at all. If a security audit shows that your enterprise is a potential windfall for hackers, consider upgrading to equipment that can use WPA.

9. False. This would be tantamount to issuing a public challenge to invade your organization’s system. No matter how airtight you think your security is, no system is absolutely unbreachable. Avoid publicizing your business’s high-end security and becoming an irresistible target.

10. False. For one thing, UPS batteries generally last just a few years and suppressors become less effective as time passes. At the very least, your company should conduct regularly scheduled inspections and tests, and replace any faulty or weak equipment. UPS batteries are designed primarily to allow systems to be shut down safely when power is lost.

There is more to a contingency plan than keeping the network and computers running. You need to consider lighting, HVAC systems and other necessary elements of a functioning workplace as well as local codes and ordinances.

How Did You Do?

Outstanding: Nine to 10 correct answers. You are on top of the situation and simply need to continue to stay abreast of security developments.

Good: Seven to eight correct answers. You should spend some time assessing the potential threats to and weaknesses of your company’s system and install countermeasures.

Fair: Fewer than seven correct answers. You need to increase your knowledge of system security and consider consulting a professional to help build a secure computer network system.
