Internet Security is more than just technology

By Jan Hepola

Think Internet Security is a concern for the IT department or your network consultant? Think again! Everyone suffers when a virus shuts down the computers, when a hacker gets into your files, or when yesterday’s work is lost to a computer malfunction. The IT department can install the best technology to prevent security incidents, but security is more than getting the right technology. You must factor in people, policies and procedures. As management, you need to lead security efforts with effective policies and consistent enforcement.

To get started, talk to your IT staff about existing security measures. Ask them to explain the technical elements of day-to-day security, including the “worst case scenario” strategies for disaster recovery. Remember, you don’t need to know the specifics of how to install a firewall, but you should have an understanding of the role it plays in overall security. From there, consider the following elements as part of your security plan:

Acceptable Use Policies: Create a document that outlines the computer activities that are considered acceptable. Include consequences for non-compliance and communicate this to employees regularly. This will protect both you and your employees from any lapses in judgment. Also, develop and monitor the security procedures that take place when an employee leaves your business.

Passwords: Use “strong” passwords. This means using a combination of random letters, numbers, characters and a mix of lower and upper cases. Hackers have tools to break password codes starting with words found in a dictionary or common names. Insist that users not share passwords; this includes posting the passwords on their computers or writing them in Rolodex under “p”.

Virus Protection: Install virus protection software on each computer in addition to the network. This will ensure that files (including attachments and shared discs) will be checked for viruses before they cause damage. Critically important is a policy that each user must regularly schedule the updating of their virus definitions. It is important to show your employees how to do this while communicating why it is important.

Firewalls: Protect your computers and network from attacks from the Internet with a firewall. There are two types of firewalls: hardware and software. As data attempts to come into your network, the firewall determines if it is dangerous (hacker attempts) and should be deflected, or safe and allowed to pass through. Having a strong firewall is particularly important if you are using DSL, cable, wireless or satellite to connect to the Internet.

Take the time to teach yourself and your staff about technology security. Communicate why certain activities are expected or restricted, and frequently review employee compliance. Promoting the understanding of existing Internet security risks, how to best defend against them, and the potential impact on your employees and your business will pay-off when the next threat becomes a reality.

Ms. Jan Hepola is an E-Business Development Consultant with Minnesota Technology Inc.