Having a good recovery strategy and regularly updated software will offer solid protection for most current scenarios. "Keep your computers patched and up-to-date," Greene advises. "Deploy those solutions and let the armies of researchers deal with the problem."
Legal Data Protection Responsibilities
Legal responsibilities for protecting data vary widely depending on the size and nature of your company. Smaller businesses generally aren't subject to the provisions of the Privacy Act, but companies in specific sectors (such as finance or medicine) may fall under more specific regulations.
Regardless of the legal specifics, however, companies have an ethical and a practical obligation to ensure that business and customer data doesn't fall into the wrong hands.
"When you're operating as a business, you have an obligation to protect your customers' data as well," says PC Tools' Mike Greene. "You have a legal and a moral obligation to make sure that's protected as best as you can.
"Most companies will collect data and it's everyone's expectation that you're going to keep that data safe and private. The last thing someone wants to hear is that there's nothing in place. You need to do your due diligence and do the right thing."
Top Ten Tips
As appealing as it is to just ‘buy’ security, even the very best security suites cannot cover all eventualities. Here’s a quick and easy 10-step guide that, in conjunction with good security software, should keep you business safe from criminals and accidents.
1. Education. The vast majority of successful attacks are not the result of some elite hack slipping past your computer’s firewall. They’re successful because someone was duped into doing something they shouldn’t have. Perhaps they received an email promising a fun game or a picture of a naked celebrity—if only they click on this link or open this file…
To avoid drama, remember these three quick and easy rules: never open an executable file (those with .exe, .vbs or .bat extensions, for example) received in an email, even from people you know; never respond to or act on requests in an email that would require you to give up confidential information; never install new software on a work system (or a personal system that you connect to the office network) without approval.
2. Use good passwords. People hate them, but non-dictionary character strings that include both numbers and letters make the best passwords.
3. Turn on wireless security. Many wireless access points and routers are, unfortunately, shipped with wireless networking turned on, but with security turned off. Check your router manual, and turn on WPA or WPA2 security.
4. Create user accounts (with passwords). Every major operating system has the capacity to assign different users varying levels of authority over the system.
5. Remove unused software. Unused software and services should be uninstalled or disabled on company computer systems. Also, when an employee leaves the company, their accounts should be deleted.
6. Format. If you’re going to throw a computer out, make sure to format its hard drive first.
7. Patch. All office computers—and any PCs that attach to the office network—should be kept fully up to date.
8. Create backups. Important documents should be backed up regularly.
9. Encrypt. Important files should be encrypted, especially if they’re taken offsite on a notebook, mobile or USB thumb drive.
10. Have insurance. Insurance against financial hardships associated with data loss and theft is available, but it’s worth reading any insurance policy in detail.
*Source McAfee, an edited excerpt from its Total Protection Handbook.
Bookmark article at:These icons link to social bookmarking sites where readers can share and discover new web pages. powered by moSociable 1.0.1 by www.waltercedric.com
