IT Security basics
If you're worried about your organisation's IT security, take a look at the guide below. It's by no stretch comprehensive, as this is a large and complex topic, but it may give you some pointers to think about.
Security for any business, but particularly for a small business, has to be a balance - it all comes down to P's. It's easy to panic thinking about all the possibilities that could go wrong, but prevention could end up being so complex it prohibits normal operation. So we find a balance where we cover the highest probabilities with pragmatic solutions.
First step: determine your secure boundary
- Internal - the place you work: study or office where you have control over the environment
- External - everywhere else
Think Internal
What data do you have that's private or confidential, or has taken you a long time to accumulate that you wouldn't want to lose?
I imagine you have a desktop computer or laptop, or a number of them, perhaps a USB stick (or two), some old floppy disks, and CDs with copied or bought information. You may even have a removable hard drive or two, and what about all the contacts on your mobile phone?
What would you do if any one of these items were stolen or destroyed?
The simple answer is to have everything that's important copied, or (for computer files) backed up.
This could be to a USB stick, removable hard drive or to any of the internet-based services.
Then - and this is key - think about what you would do if your whole internal area was destroyed overnight by fire. Where would you get all this information from tomorrow and where would you work?
You will immediately realise that backing up to a removable hard drive or USB stick, and then leaving it on site, limits its usefulness. It would help for a disk crash, but not a fire.
Additionally, you need to think about what happens to the data if it is stolen. Have you secured the information on the computer or stick/drive with a password?
Is it a good password, not just letters and numbers?
Where have you written it down? Could someone steal that? Having a password structure is better than a specific password, as someone else may not understand your structure.
Think Boundary
So we've defined a boundary between internal and external.
- Could someone physically get in from the outside and steal something? Do I have that covered as best I can - alarms, window and door locks etc.?
- Could someone break in digitally? Do I have a firewall blocking entry and an anti-virus preventing attacks from emails?
There are plenty of very good FREE security applications available, like Comodo and avast! - there is now no excuse for not protecting your data.
Think External
Finally, consider all the data you have that is stored externally, or travels with you beyond the boundary.
This could be a whole host of things:
- Where do I keep my laptop/phone/USB stick when I carry them around? Could someone easily take it?
- Where do I read confidential information - on the train? Could someone else read it over my shoulder?
- Do I ever copy information to another PC, perhaps at home - is that as secure as my office?
- Your bank accounts on internet sites - where do you store your passwords? Could someone steal them?
- Backed-up data - is it somewhere that someone else could get access to it? Is it secure from being stolen?
And remember, emails should be considered external - i.e. you have no control over them - where they go or where they've come from, unless they are encrypted, so you should:
- Never put secret data like bank details or passwords onto an email
- Never open an email you're not expecting without checking whether you should have received it
- Check the reply address (usually 'Message options') before opening an unexpected email. If it's replying to xnx675@spam-r-us.com, it's probably not from your bank.
- If you click on a link in an email, check that the website address belongs to who you think it does before proceeding
But, of course, we have to be pragmatic - we use emails all the time and don't want to waste time checking unnecessarily.
