IT Security Audit

So what does anyone really need to secure your computers?

1.       Operating System Patches

a.       All of the latest service packs, and patches installed. (and the system rebooted) – If it is a Windows system then these will generally be released on the Second Tuesday of the month (Patch Tuesday) You can get advanced notification of this (Search for Microsoft Technical Security Notifications)

b.      A support Operating System – because systems now run for a long time, and because most of us don’t like spending out unless we have to, there are a lot of operating systems out there that aren’t supported.  If they aren’t supported then any security holes are not being plugged

2.       Other Software Patches

a.       Yes other software is patched we tend to think along the Microsoft Office lines here, but a lot of software is updated, to fix bugs as well as security holes. Check these regularly

3.       Anti-Virus Software

a.       Is it up to date, both the software to the latest version and the virus signatures to the latest version

b.      Is it scanning in real time, and also is a full virus scan scheduled

c.       Are all removable media scanned when it is connected (or inserted) to the computer

4.       Backup

a.       Do you backup up all of your data

b.      Is this backup stored off site, and also easily retrievable (Easiest way for this to happen is to use an online backup)

c.       Has your backup been tested recently I would suggest at least once a month

5.       Staff

a.       Are staff trained to make sure they know what to do, and who to report to

                                                               i.      Can they scan removable media

                                                             ii.      Can they scan an email, or attachment

                                                            iii.      Know how to retrieve data from a backup

                                                           iv.      Who to call for help or report an incident to, so the system can be checked clean

6.       Firewall

a.       If you have a firewall, is it configured correctly to only allow the necessary data in and out of your network

7.       Username/Passwords

a.       Are all your passwords

                                                               i.      Complex

                                                             ii.      Changed regularly

                                                            iii.      Old user accounts removed as soon as possible

b.      Hardware password, changed from the default (admin, password, default etc.)

The above is a fairly comprehensive list of items that need to be addressed, but you might have other items that need to be secure. If you need help to complete this you can contact me on 01752 546967 or martin@limbtec.com

An Opportunity

Security

So we are being told we have 2 weeks to make sure we are safe before the work done recently to prevent cryptoware and GameOver Zeus come back.

SO what can be done, well a quality anti-virus product, and a quality firewall are the basics.  However (And certainly the case with cryptoware infections we have dealt with) these are infected by people clicking on an attachment.

So perhaps now is the time to carry out some education of staff, (or family members) teach them how to scan emails and attachments before they open, (or ingrain in them) that they can't open any attachments.

Next on the list would be to make sure you are backing up all of your data, and that the backups are working properly, and deal with any issues with the backup.

You might want to consider the following pages on our website

Hosted Anti-Virus
Hosted Anti SPAM
On Line Back up