October 18, 2007
Security on the Cheap
ZDNet put out a tipsheet on achieving cheap security for your small to medium-sized business (certainly wouldn't recommend it for a Fortune 500 company). There are some good points, but as you probably already know, what you typically save in money you pay for in time, and most SMB IT departments I've come across consist of one or two very busy individuals.
A quick summary of the free tips follows:
Keep up with patches on all systems connected to the network, and standardize your PC environment while making sure all PCs and servers have standard configurations, thereby reducing vulnerabilities and assuring successful patching.
Also, use free anti-spyware and firewalls, block the downloading of all external attachments except those used by businesses, limit admin privileges only to administrators, disable inactive accounts, erase all data before tossing a hard drive, and don't allow important files to be printed or downloaded.
Here are the tips that may cost some:
Change passwords on root and admin accounts, and train employees on best practices. Restrict access to USB/removable media if possible, block any port that your business does not require to be open, pare down the vendor list, and, as if you needed to be told, don't spend money on things you don't need like personal digital certificates.
Finally, if you need to spend money, consider security SaaS and all-in-one appliances, and use compliance as a rationale for getting funding.
There! Pretty obvious, I'd say, and if you're talking over a dozen computers, you might want to wear running shoes if you're thinking of passing this list off to the IT department so you can make a quick escape.
Posted by pschooff in

Twenty-Four Seven Security