The most important thing to know about IT security is that the only sure-fire way to avoid being attacked is to leave your computer off and in the box it was delivered in!
Usually, however, this is impossible, so we suggest that there are three main areas to get right: people, software and hardware.
People are your biggest security risk, either intentionally or not. The theory is easy, but achieving compliance is somewhat harder!
The very first thing to do is to develop and implement a secure password policy. You can get really good passwords from GRC.com, or you can take the XKCD approach and use four random words. (Think of your own or use this generator). So many accounts are taken over because people use weak passwords or share passwords between different accounts.
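The four-random-words approach described above, as an added example that is not part of the original page: it draws words with a cryptographically secure random source and reports how many bits of entropy the result carries, which depends on the size of the word list. The word list is a constructed 32-word sample and the function names are illustrative; a real list of several thousand words is assumed in practice.

```python
import math
import secrets

# Constructed sample list (32 words) so the example runs offline.
# A real deployment would load a list of several thousand words.
SAMPLE_WORDS = """
apple brick cloud delta ember flint grape hazel ivory jolly kayak lemon
maple noble ocean pearl quilt river stone tulip umbra vivid wheat xenon
yacht zebra amber birch coral dusk eagle frost
""".split()


def clean_wordlist(words):
    """Lower-case, strip and de-duplicate so every word is equally likely."""
    return sorted({w.strip().lower() for w in words if w.strip()})


def entropy_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly, with replacement, from the list."""
    return n_words * math.log2(list_size)


def make_passphrase(words, n_words=4, sep="-", min_bits=0.0):
    """Return (passphrase, entropy_bits); refuse lists that are too weak."""
    words = clean_wordlist(words)
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    bits = entropy_bits(len(words), n_words)
    if bits < min_bits:
        raise ValueError(
            f"{n_words} words from {len(words)} gives only {bits:.1f} bits; "
            f"{min_bits:.1f} required"
        )
    # secrets.choice uses the operating system's CSPRNG; the 'random'
    # module is predictable and must not be used for passwords.
    phrase = sep.join(secrets.choice(words) for _ in range(n_words))
    return phrase, bits


if __name__ == "__main__":
    phrase, bits = make_passphrase(SAMPLE_WORDS)
    print(f"{phrase}  ({bits:.1f} bits from the 32-word sample list)")
    print(f"Same scheme, 7776-word list: {entropy_bits(7776, 4):.1f} bits")
```

With the 32-word sample, four words give only 20 bits; the same four words drawn from a 7,776-word list give about 51.7 bits, which is why the size of the list matters as much as the number of words.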
Another major hazard is "phishing", where you and your staff are sent emails claiming to be from your bank, eBay, PayPal, or some other trusted source, asking you to go to their site to enter your login details. There are even "spear-phishing" emails, which are highly targeted to the intended recipient. Don't go to web sites using the details in emails you receive, as they could easily be deceptive. Type the web address (URL) yourself.
Ensure that you and your staff stay clear of dodgy internet sites, such as those offering pornography, pirated software and screensavers. They often try to attack your computer as you visit, and it is even possible to become infected by just viewing the site. You can use Domain Name Service (DNS) filters such as OpenDNS to reduce your risk.
Make sure that you are running the latest versions of all the software you use. Out-of-date versions expose you to risks, so take care that you fully update your system regularly. Make sure you are running either Linux or a current version of Windows, as these are updated when vulnerabilities are found.
You should make sure that your computer has its own firewall turned on. Being behind a hardware firewall is not enough, as another computer could get infected by other means and then infect your computer.
There are a few things you can do with hardware to improve your security. The easiest is to ensure that you are sitting behind a hardware firewall so that you are protected from the blizzard of hacking attempts you'll receive over the internet. Make sure it's properly configured, especially if you have unusual needs. If in doubt, get a professional to help you.
Make sure that only authorised people have access to your computers. Not only does this prevent theft of the computers, but it also prevents people from using keyloggers to get your passwords.
The risks are real and substantial. You need your response to be proportionate: take care, but don't be excessive either. It's like protecting your home: you need door and window locks, but it's probably not worth putting landmines in the lawn and armed guards on the roof! So, ensure that you take care suitable to the risk you carry.
Please call us on 0115 840 5500 to arrange a consultation