A presentation for medium-sized businesses and organizations that describes the requirements for creating and maintaining security integrity.
We cover some of the basic computer (hardware) and information (software) security steps that need to be taken by all businesses / organizations that invest significant resources in IT, especially those that regularly acquire and manage sensitive information.
SCWOA is a Silicon Valley based corporation that specializes in Computer & Information Security, IT & Network Support, and Security Audits & Consulting. We help medium-to-large organizations set up their security policies, maintain their security integrity, and repair any damage caused by a security breach or other support issue.
SCWOA - Computer and Information Security Basics
1. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
IT Security Basics for Medium-Sized Businesses & Organizations
Some of the things you need to know in order to keep your network and computers secure
www.scwoa.com
Follow us on Twitter – Like us on Facebook
Sign up on our website for updates
2. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Start with the Physical
• Use a surge suppressor on ALL computers
• Use a UPS (Uninterruptible Power Supply) on all Critical Systems
• If you are connected to a land line, your network components (e.g. modems) are more sensitive to power surges through the phone line than through power lines
• Surge / UPS protection is especially critical in areas with anything less than a perfect power supply, i.e. all CA businesses should have such protection
3. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
More Physical Necessities
• Install locks on accessible but attended machines
• Install locks and alarms on unattended machines e.g. smoke alarms, power sensors
• Keep rooms locked if feasible e.g. your server room or wherever sensitive data is stored
4. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Backups Will Set You Free
• Back up your files on all computers
• Set up an automated backup system to do this for you every day (easiest solution)
• Store backups offsite, or at least periodically transfer backups offsite
• If you think this is a waste of resources, imagine what will happen if you lose ALL your files through one unlucky accident
5. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Updates Keep You Safe
• Make sure you receive alerts regarding updates / patches for ALL the software you use.
• Make sure that you ALWAYS have the latest patch / update for all your software (especially the OS)
• Run the occasional security audit to make sure that everyone is using the updated software
• Updates / patches remove known security flaws – this is why older software is less secure
6. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Enforce Good Password Policies
• Create a good password policy and enforce it
• Use password aging to make sure passwords are changed periodically
• Establish rules that enforce the use of good passwords
• Try adopting passphrases
• Enforce the use of Capitals, numb3rs, and $pecial characters
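One way to turn the rules on this slide into an automated check, as an added example that is not part of the SCWOA presentation. The thresholds (90-day aging, 12-character minimum, 4-word / 20-character passphrases) and all function names are assumptions; the slide names the rules but gives no numbers.

```python
import string
from datetime import date, timedelta

# Assumed policy values: the slide lists the rules but no thresholds.
MAX_AGE_DAYS = 90            # password aging window
MIN_LENGTH = 12              # minimum length for a conventional password
PASSPHRASE_MIN_WORDS = 4     # a passphrase is several space-separated words
PASSPHRASE_MIN_LENGTH = 20   # and long overall


def is_passphrase(candidate):
    """True when the candidate is a long, multi-word passphrase."""
    words = candidate.split()
    return (len(words) >= PASSPHRASE_MIN_WORDS
            and len(candidate) >= PASSPHRASE_MIN_LENGTH)


def policy_violations(candidate):
    """Return the rules the candidate breaks; an empty list means accepted."""
    if is_passphrase(candidate):
        # Length carries a passphrase, so character classes are not forced.
        return []
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isupper() for c in candidate):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    return problems


def is_expired(last_changed, today):
    """Password aging: True once the password is older than MAX_AGE_DAYS."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for pw in ["Summer2024", "correct horse battery staple", "Tr1cky$Example!"]:
        print(repr(pw), "->", policy_violations(pw) or "accepted")
    print("expired:", is_expired(date(2024, 1, 1), date(2024, 6, 1)))
```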
7. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Manage User Accounts Diligently
• Make sure old accounts are removed
• Ensure that access privileges are appropriate
• Protect administrator / super-user accounts with the utmost care
• Establish clear audit trails to track access through any account
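A small account review that covers the first three points on this slide, as an added example that is not part of the SCWOA presentation. The account inventory is constructed sample data, and the 90-day idle threshold, the approved-administrator list and the function names are assumptions.

```python
from datetime import date

# Constructed sample inventory: (username, last_login or None, is_admin).
ACCOUNTS = [
    ("alice",   date(2024, 5, 28), True),
    ("bob",     date(2024, 5, 30), False),
    ("carol",   date(2023, 11, 2), False),   # idle for months
    ("temp01",  None,              False),   # created but never used
    ("svc_bak", date(2024, 5, 31), True),    # service account holding admin rights
]
APPROVED_ADMINS = {"alice"}   # assumed list of who should hold admin rights
MAX_IDLE_DAYS = 90            # assumed idle threshold


def stale_accounts(accounts, today, max_idle_days=MAX_IDLE_DAYS):
    """Accounts that were never used or have been idle longer than the threshold."""
    stale = []
    for name, last_login, _is_admin in accounts:
        if last_login is None or (today - last_login).days > max_idle_days:
            stale.append(name)
    return sorted(stale)


def unapproved_admins(accounts, approved):
    """Accounts with administrator rights that are not on the approved list."""
    return sorted(name for name, _last, is_admin in accounts
                  if is_admin and name not in approved)


def audit(accounts, approved, today):
    """Combine both checks into one report for the reviewer."""
    return {
        "stale": stale_accounts(accounts, today),
        "unapproved_admins": unapproved_admins(accounts, approved),
    }


if __name__ == "__main__":
    print(audit(ACCOUNTS, APPROVED_ADMINS, date(2024, 6, 1)))
```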
8. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Run Periodic Security Checks
• Make sure your systems are updated and patched with the latest available versions
• Run periodic virus / malware scans
• Check suspicious network activity (or call a professional if you find something suspicious)
9. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Run Quarterly Security Audits
• Check that your network is not exposed to well-known exploits / security flaws
• Make sure your firewall is secure and updated
• Test security integrity against popular hacking tools
• Ensure that you comply with all legal requirements e.g. HIPAA, PCI DSS, Sarbanes Oxley
• Be certain that security integrity has not been affected by changes to your system e.g. new users / data
10. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Encrypt Your Files (& Emails)
• Files should always be encrypted if they contain sensitive information
• Use secure servers if you need to receive / share sensitive data e.g. credit card numbers
• Use encryption software when someone might have a reason to want to see, forge, or alter email messages.
11. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Hire a “Tiger Team”
• Tiger Teams are groups of honest hackers that you hire to break into your system
• The purpose is to analyze and demonstrate flaws in your security system and policies (if present)
• This is generally done by organizations with extremely sensitive data e.g. banks
12. Computer & Information Security – IT & Network Support – Security Auditing & Consulting
Hire a Computer / Information Security Specialist
• If in doubt, ask a professional
• A computer / information security specialist will secure your system better, and faster than a non-specialized technician
• A security specialist will be aware of all the latest issues and how to fix them BEFORE they can become an issue