IT Security Audit
So what does anyone really need to secure your computers?
1.
Operating System Patches
a.
All of the latest service packs, and patches
installed. (and the system rebooted) – If it is a Windows system then these
will generally be released on the Second Tuesday of the month (Patch Tuesday)
You can get advanced notification of this (Search for Microsoft Technical
Security Notifications)
b.
A support Operating System – because systems now
run for a long time, and because most of us don’t like spending out unless we
have to, there are a lot of operating systems out there that aren’t
supported. If they aren’t supported then
any security holes are not being plugged
2.
Other Software Patches
a.
Yes other software is patched we tend to think
along the Microsoft Office lines here, but a lot of software is updated, to fix
bugs as well as security holes. Check these regularly
3.
Anti-Virus Software
a.
Is it up to date, both the software to the
latest version and the virus signatures to the latest version
b.
Is it scanning in real time, and also is a full
virus scan scheduled
c.
Are all removable media scanned when it is connected
(or inserted) to the computer
4.
Backup
a.
Do you backup up all of your data
b.
Is this backup stored off site, and also easily
retrievable (Easiest way for this to happen is to use an online backup)
c.
Has your backup been tested recently I would
suggest at least once a month
5.
Staff
a.
Are staff trained to make sure they know what to
do, and who to report to
i.
Can they scan removable media
ii.
Can they scan an email, or attachment
iii.
Know how to retrieve data from a backup
iv.
Who to call for help or report an incident to,
so the system can be checked clean
6.
Firewall
a.
If you have a firewall, is it configured
correctly to only allow the necessary data in and out of your network
7.
Username/Passwords
a.
Are all your passwords
i.
Complex
ii.
Changed regularly
iii.
Old user accounts removed as soon as possible
b.
Hardware password, changed from the default
(admin, password, default etc.)
The above is a fairly comprehensive list of items that need
to be addressed, but you might have other items that need to be secure. If you
need help to complete this you can contact me on 01752 546967 or martin@limbtec.com