Best Practices for Security

» Posted by on Mar 29, 2012 in Blog | 3 comments

From the Winnipeg Free Press, Nov. 07 2011:
The personal tax information of hundreds of Canadians has gone missing — and the privacy commissioner wants to know why. Almost 2,700 confidential files were removed from agency offices in Toronto by an employee in early 2006, and then downloaded onto the laptop of a friend. The privacy breach triggered a wide-ranging internal probe into why the confidential material was poorly safeguarded — and whether it could be retrieved. The employee was sent a letter in early 2009, asking her to produce the friend’s laptop.”He (the friend) told her that he would not provide the laptop and was unco-operative,” says the investigation report. The Canada Revenue Agency is rewriting its security protocols so that the incident won’t be repeated. Tax officials never reported the incident to the privacy commissioner, saying they regarded the breach as “low risk.”The Canadian Press obtained internal records related to the incident under the Access to Information Act. A spokesman for the agency says it cannot disclose whether the employee faced any penalties.

Businesses face as much of a threat from inside their company as they do from outside threats. Before the advent of computers and the internet, data was kept in locked filing cabinets; with access allowed only to restricted personnel. Your office has a lock and key to keep outside intruders out. How are you locking your digital files today? How are you securing your network from unwanted intrusions from the internet or an unauthorized access?

It’s not just the big guys! Small business owners may not consider their networks at risk for attacks. However, industries in western Canada are some of the most successful in the world and strong economies equal large dollar targets. To aggravate the issue, inexpensive software is available to do things like sweep IP addresses for vulnerabilities of any site.

Below are eight check lists that every business should be implementing to secure their data and their network.

Check list 1: six basic, free steps to physically secure your data:
1. Lock your file servers: PC’s or server racks that you store your company data and files should be locked in a separate room or closet to make sure that they are physically secure. You don’t want anyone walking off with them. The same is true for your wiring closets, where someone could relatively easily install a device to tap into all of your communications.
2. Lock up your remote locations too. Remote PC’s and laptops should be physically secured.
3. Set network access rights: Make sure that the network access rights are set up properly so that private information (such as salaries) remains that way. Ignore permissions at your peril; even IT departments can be lax about maintaining network permissions and accidently allow full access to the wrong staffers.
4. Encrypt sensitive data, especially on a laptop: If you have sensitive info on a CEO’s or accountant’s laptop; it should be encrypted. Virus protection s/w companies offer encryption solutions as well.
5. Disable print and file sharing: Disable print and file sharing on all your office computers, other than the ones that are your actual file and print servers. Leaving sharing on opens possible additional exposure.
6. Watch for data portability: If your organization needs to use USB drives, make sure that they are U3 types of drives that have password protection built in, so that lost or stolen one will not be accessible. Also think carefully about the need for a USB drive policy (for example banning them) since these are a common tool used in data theft and a source for malware to invade your network.
Check list 2: Make the right kinds of Backup.
1. Store critical backups off site as insurance from fire, floods etc.
2. Back up regularly: daily or weekly
3. Install duplicate hard drives in servers; hard drives have a finite life, and will crash. Backups are an insurance against such a catastrophe.
Checklist 3: Protect remote laptops:
1. Upgrade your OS: If you are running Windows XP, ensure that everyone is running Service Pack 3; Windows 7: service pack 2. Updated OS’s are more secure.
2. Get a firewall for notebooks: Each remote user should at the very least run the personal firewall that is built into their computer, and keep them turned on at all times.
3. Add additional firewalls: The best solution is for your network to have a robust firewall and for mobile users to have an even more robust firewall than the one that comes with your system.
4. Anti Virus protection: Everyone, without exception should have an anti-virus installed on their computers, laptops, notebooks, tablets and smart phones (especially if they are running android). Choose an anti virus program that is regularly updated with the latest virus codes.
5. Get a laptop disabler: There are a number of laptop tracking services that will disable a stolen lap top as soon as it is connected to the internet.
Check list 4: Securing web servers and your internet connection:
1. Install a managed firewall: Pick a managed firewall provider such as Fortinet or Sonicwall that for a small monthly fee can protect your network without additional IT staff. A network firewall separates your office network from the big bad world of the internet and makes outside penetration more difficult.
2. Get a firewall for your employees’ home network: If you have remote users that are working on proprietary or financial information, make sure that they have a properly configured firewall for their home networks, especially if they have a DSL or cable modem.
3. Scan your web site: If your organization maintains its own web site, there are a separate set of issues to be aware of. Use a free scanning service such as SPIdynamics and Qualys.
4. Have an ISP or web hosting company host your web site: They can protect it better than you while freeing up outbound bandwidth.
Check list 5: Wireless Security: Making your wireless network more secure doesn’t have to cost anything…just the time to ensure that they are enabled.
1. Use encryption on your wireless access point: Any encryption method is better than none at all, the best encryption method: WPA2 will provide the most security.
2. Hide the service set ID (SSID) that is used by the access point. Or change its name to something that doesn’t identify your corporation or address.
3. Turn off the ability to manage the access point from outside web users: There’s no good reason for this to be on.
4. Change the default administration username and password of the access point now: No sense in making it easy for anyone to gain access. Pick a difficult to guess password for your WIFI connections.
Check List 6: Secure browsing: Horror stories of stolen credit card numbers, phishing, and other scams have made internet users concerned. Here are a few simple steps that users can take to keep safe.
1. Learn to protect yourself when sharing sensitive information online: Use https:// when connecting to web sites that you will send financial or other private information, and make sure that your browser window shows a lock icon on the bottom to indicate that the secure browsing session has started. Your Face book page should be https:// as well.
2. Install latest updates to your browser software: The most current versions will have automatic tools that will detect when phishing sites are trying to seize your information.
3. Train staff to be skeptical of e-mails telling them to update their banking records or to respond with info to collect a winning or refund.
Check List 7: Email and IM security: Email and IM are communication tools that everyone has become familiar with. How much damage to your business would there be if any of this correspondence were to be made public?
1. Have an e-mail and IM policy and ensure that all staff is familiar with it. Sensitive corporate information should not be passed over public networks.
2. Consider using encrypted IM: AIMpro or Sametime by IBM
Check List 8: Endpoint protection: So you think your network is safe. You’ve installed a firewall and have antivirus on all your computers. All this can be ineffectual with one user bringing their infected laptop into your office and contaminating every one. Take inventory: do a site survey and know the location of all network jacks. Ensure that none are in public places or anywhere where you can’t monitor them. Panduit has devices that will lock closed all inactive jacks so that unauthorized users won’t be able to connect to your network.
Lastly; it is important to have a policy in place that details what is acceptable use of your IT infrastructure and what is not. Ensure that all employees are fully aware of this policy and what consequences non compliance of the policy will have.


  1. It’s the best time to make some plans for the future and it’s time to be happy.
    I have read this post and if I could I desire to suggest you some
    interesting things or advice. Maybe you could write next articles referring to this article.

    I desire to read more things about it!

  2. I think this is among the most significant info for me.
    And i am glad reading your article. But wanna remark on some general things, The web site style is ideal,
    the articles is really nice : D. Good job, cheers

  3. Fantastic beat ! I would like to apprentice while you amend your
    web site, how can i subscribe for a blog site? The account aided me a acceptable
    deal. I had been tiny bit acquainted of this your broadcast provided
    bright clear concept

Submit a Comment

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Facebook
  • LinkedIn
  • Twitter
Visit Us On TwitterVisit Us On FacebookVisit Us On LinkedinVisit Us On Google Plus