In recent months, Microsoft has really upped its investment in helping customers make their Windows systems and networks more secure. From webcasts to security clinics to other online resources galore, the company seems to be putting a lot of its money into educating and informing its user base across a wide range of security topics, tools and technologies.
A quick look at the company's Security Guidance Center for Small Business underscores the observation that common sense, constant vigilance and secure behavior have as much to do with maintaining proper information security as does any application of tools or technology. The primary thrust of this offering is what Microsoft calls a "small business security checklist." As a quick perusal of that checklist's contents will verify (it's reproduced verbatim in the list that follows), as much or more of its coverage deals with managing people and processes as it does with installing, updating, or using technology:
- Update your software: If there's a patch available, install it. It's a simple way to avoid serious problems, yet many fail to do so.
- Protect against viruses: Companies large and small can be crippled by viruses. Make sure every company PC, server and laptop is fully protected.
- Set up a firewall: This isn't as intimidating as it sounds and it's the most important thing you can do to thwart hackers.
- Tighten in-house security: Not all threats are high-tech. A casual break-in or disgruntled employee can cause serious damage too.
- Strengthen passwords: If you or your employees use simple passwords and/or fail to change them regularly, your company is vulnerable.
- Back up critical data: If the thought of losing everything stored in your computers terrifies you, there's a simple solution. Schedule regular backups.
- Embrace smart Web browsing: Unscrupulous sites, as well as pop-ups and animations, can be dangerous. So can browsing from a server.
- Safeguard wireless networks: They're a great innovation, but wireless networks are more vulnerable than cabled networks. Do all you can to reduce your exposure.
- Connect remote users securely: Remote access to your network may be a business necessity, but it's also a security risk you need to closely monitor.
- Lock down servers: Your servers are your network's command center. If your servers are compromised, your entire network is at risk.
- Lock down clients: A lack of stringent administrative procedures could sabotage all of the security safeguards you've just instigated.
All of these points are familiar and reasonably well understood. But in many small operations there's an unfortunate tendency to put them off or avoid thinking about them. Seeing them laid out clearly, with short, clear explanations attached to each point (the links are live in the text above), makes them much easier to read and heed. Interested IT professionals will also find a nice collection of case studies, introductory infosec material, and more on this Web page. It may be too elementary for those who work in and around information security, but it's just right for co-workers, colleagues, or family members who need a quick brush-up on security concepts, routines, and best practices.
Ed Tittel is a writer, trainer, and consultant based in Austin, TX, who writes and teaches regularly on information security topics. He's a contributing editor to Certification Magazine, series editor for Exam Cram 2, and writes for numerous TechTarget Web sites. E-mail Ed at firstname.lastname@example.org.