Jun 07 2011

5 Ways to Reduce IT Risk

Reinforce these basic guidelines to help users maintain good security practices.

Successful IT departments are staffed with people who never stop learning. Most started with Computing 101 and broadened their skill sets from there, each working to master their respective specialties. But it’s easy to forget that not every user in the agency or bureau has taken Computing 101, and all too often IT equips them with computers but fails to give them the information they need to stay out of trouble.

Malware attacks, virus outbreaks and crippled networks cost organizations an exorbitant amount of money each year. Every one of these disasters started with a single compromised machine. To mitigate risk and prevent the preventable, ensure that these five basic guidelines are part of new-user training and as well as refresher courses for veteran users.

1. Avoid Installing Unsupported Software

Such programs can degrade computer performance and may introduce network security risks. As a general rule, users should always avoid toolbars, download accelerators and unsupported programs that run in the system tray and update in real time.

2. Understand the Signs of Phishing Attacks and Other Suspicious E-mail

Most agencies go to great pains to filter unwanted junk, phishing and other malevolent e-mail, but even the best tools let an occasional bad message slip through. Ask users to be on the lookout for characteristics of suspicious e-mail and learn to discern what should and shouldn’t be opened.

An unexpected e-mail from someone you know with a strange subject line? When in doubt, contact the help desk before opening it. Most techs would rather spend two minutes identifying a false alarm than two hours working to fix a compromised machine.

3. Perform Frequent Backups

Even though IT departments regularly back up user and group network shares, many users also save files to their hard drives — or, worse yet, to a removable thumb drive. The convenience of having files available offline quickly can become a nightmare the moment a drive is lost or a notebook computer is stolen.

Don’t keep files “local” for any longer than necessary, and back up all data files to the network at least once weekly.

4. Treat Every Public Connection as Just That

Public wireless hotspots are a playland for identity thieves and other cyberfelons. Treat every public Wi-Fi network as though other users can see everything you’re doing because, chances are, someone will be watching. Be vigilant in these situations and sparing in what you do, and always avoid making purchases over unsecured networks.

To encrypt sensitive data, use VPNs to perform work-related tasks such as checking mail and transferring files. If practical, tether with a mobile phone and skip hotspots altogether. Though this will cause arguably slower performance, mobile networks tend to employ better security measures.

5. Stay on Top of Software Updates

Nobody likes having their work interrupted by the ubiquitous “update available” pop-up, and it can seem overwhelming when so many programs want to update — from Windows to a litany of browser plug-ins, readers, productivity suites and driver software. Unfortunately, this is a necessary evil.

These updates not only add stability enhancements, but they are frequently released to address critical security concerns. IT should either push out updates quickly or encourage users to install any updates as soon as they’re prompted to do so.