
Twenty-Four Seven Security

Peter Schooff

The 10 Commandments of Computer Security


This list comes from CNN Money.

1. Patch early and often. With zero-day attacks growing along with the number of patches being issued, test and install security patches as soon as possible.

2. Enforce password policies. While it’s well established that passwords should mix letters and numbers, uppercase as well as lowercase, do not let the desire for perfect passwords get in the way of good security – as the more employees are required to change their passwords, the more they are apt to write them on Post-Its.

3. Mind your VPN. Telecommuters can pick up nasty viruses and malware that can then migrate to the corporate network; therefore, limit virtual private network access to company-issued laptops configured to your security policies.

4. Watch your wireless. Securing Wi-Fi is only the beginning. The newest trick is the “evil twin” attack, which creates a similarly named fake wireless network in the hope that an employee will log on without noticing the discrepancy, thereby revealing a user name and password.

5. Only make promises you can keep. When the FTC investigates a company, it’s usually because the company exaggerated its claims, as in falsely claiming that customer data is stored only in encrypted form. Therefore, make sure you walk the talk.

6. Hack yourself. Hire an outside auditor to breach your network, just to get a hacker's-eye view of your weaknesses.

7. Sequester sensitive data. Treat customer credit card and Social Security data as top secret: keep it on compartmentalized servers and limit access to it.

8. Encrypt it. Use strong cryptography to protect sensitive data. An encrypted database left on a city street is more secure than an unencrypted one hidden in a bank vault.

9. Collect only what you need. Delete what you don’t. More than a few companies have been embarrassed after being successfully hacked for credit card numbers years past the actual transactions. Evaluate the inherent risk, and not the potential value, of the data you collect.

10. Phear phishers. Phishing has become so profitable it is no longer just a problem for Fortune 500 companies. Set up a responsive e-mail contact for customers who’ve received messages pretending to come from you, issue website warnings about fresh attacks, and train customers not to click e-mailed login links - by not sending any yourself.
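Item 4 above describes the evil-twin attack. As an added illustration that is not part of the CNN Money list or this blog, the following Python check shows what a defender might run over a wireless site survey to flag such networks: any SSID identical or confusingly similar to the corporate one that is broadcast from an access point not on the allow-list, or from a sanctioned access point advertising the wrong security type. The corporate SSID, the allow-listed BSSIDs and the survey entries are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str      # access point MAC address, lowercase
    security: str   # "WPA2-Enterprise", "WPA2-PSK", "Open", ...

# Constructed allow-list (hypothetical): corporate SSID, required security
# type, and the BSSIDs of the sanctioned access points.
CORP_SSID = "Acme-Corp"
CORP_SECURITY = "WPA2-Enterprise"
KNOWN_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches look-alike SSIDs such as 'Acme_Corp'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_like_corp(ssid: str, max_distance: int = 2) -> bool:
    # Case-insensitive: the corporate name or within a few edits of it.
    return levenshtein(ssid.casefold(), CORP_SSID.casefold()) <= max_distance

def find_evil_twins(survey: list[Network]) -> list[tuple[Network, str]]:
    """Return (network, reason) for each suspicious entry in a site survey."""
    findings = []
    for net in survey:
        if not looks_like_corp(net.ssid):
            continue  # unrelated network, nothing to flag
        if net.bssid not in KNOWN_BSSIDS:
            findings.append((net, "corporate-looking SSID from an unsanctioned BSSID"))
        elif net.security != CORP_SECURITY:
            findings.append((net, f"sanctioned BSSID advertising {net.security}, expected {CORP_SECURITY}"))
    return findings

# Constructed survey, not a real capture.
SAMPLE_SURVEY = [
    Network("Acme-Corp", "00:11:22:33:44:01", "WPA2-Enterprise"),  # legitimate AP
    Network("Acme-Corp", "de:ad:be:ef:00:01", "Open"),             # rogue clone
    Network("acme_corp", "de:ad:be:ef:00:02", "WPA2-PSK"),         # look-alike name
    Network("CoffeeShop", "aa:bb:cc:dd:ee:ff", "Open"),            # unrelated
]
if __name__ == "__main__":
    for net, reason in find_evil_twins(SAMPLE_SURVEY):
        print(f"{net.ssid!r} ({net.bssid}): {reason}")
```

In practice the survey would come from the wireless controller or a scanning tool, and the allow-list from your asset inventory; the BSSID check is what distinguishes a clone from your own access points.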


Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


Peter Schooff is Contributing Editor at ebizQ, and manager of the ebizQ Forum. Contact him at pschooff@techtarget.com
