Very often IT administrators in small and medium-sized businesses are simply too busy supporting demanding users to proactively keep on top of IT security and administration.
With this in mind, it is imperative that IT security of your network is reviewed on a regular basis to ensure that your machines are not compromised and hijacked.
Of course, our senior engineers are experts at testing system security and integrity, and we are always keen to hear from system administrators or business owners who want us to test how safe their servers and networks are.
However, it is important to remind users (and administrators) of a few basics which are an important first step in securing your network and machines:
These should be as complicated as possible, and ideally will be changed regularly. You would be staggered at how many times we come up against the likes of “password” being used as protection.
To really protect passwords, they should contain letters (upper and lower case), numbers, and special characters. Clearly, a password such as “Tgs28£+13qz” is going to be far more secure than “george123″, the latter which could be cracked in a matter of minutes.
Of course, passwords should not be passed around or shared – with an appropriate computer network and organised file structure and email system, there is simply no need.
2. User education
Many viruses reside in websites and emails and are spread by machines being infected and passing these on. User education is not straightfoward unfortunately, due to the disparity between users’ exposure and understanding of technology.
That said, users should be guided with regard to safe internet browsing and controls can be put in place to prevent undesireable websites being searched. Moving on from that, users should be reminded not to click on attachments in emails without considering what they are, even if the email is sent from trusted contacts.
Users should also be educated not to click on random links or pop-ups, not to download unknown software from the internet, and not to spread spam, hoax or “chain” emails.
3. IT Security software
Your server and machines should all be protected by appropriate software to protect against viruses and spam emails. This should be kept up-to-date and reviewed on a regular basis.
Even with the basics covered, problems can arise and machines can become infected. It is vital that a decent backup system is in place and that users do not store files on the individual hard drives. With a properly managed back-up solution (and ideally a virtualised infrastructure!), any affected machines can be cleaned and reinstalled with only a modicum of inconvenience and a slight cost to bear.