Users are a Vital Part of Computer Security
By Jason Kato | May 4, 2007
A security review should include behavioral (human factors) components that do not involve hardware or software. For example, antivirus experts have noted that perhaps 35-40% of virus definitions/signatures are unavailable on average, due to delays in developing remedies or in detecting new malware exploits. Therefore, the habits and interaction patterns of users become a vital part of a security protection strategy, which might include:
Email.
Don’t open attachments or click on hyperlinks unless you are sure of the content. The same applies to web links embedded in email messages, regardless of whether a full-client application or a web-based browser is used. Consider when to use email, or revise company policy to standardize its use.
Web browsing.
Stay away from unknown websites. Websites are now the most common source of PC infection. (Even the official NFL Super Bowl website was recently infected.) Spear phishing is particularly harmful in that it targets truly authentic-looking, legitimate websites, using well-written grammar and customer data, to lure the user viewing the website into infection.
Passwords.
Maintain established complexity and change frequencies suitable for your environment. Like keys to locks, passwords are the primary mechanisms for controlling access to networked computers.
Remote access.
Consider the method and management of outside access to company infrastructure. Who is permitted, how, and using what devices may be a part of the design.
Data management.
Similar to remote access, consider the data involved. Allow only authenticated access to critical information, and actively manage where and how information is used if on portable devices or outside systems. Is internal business data stored permanently on portable devices? Are portable devices/laptops protected?

Security issues related to Windows fall under many names (beyond malware), which span hardware, software, network and user components too numerous (and specialized) to adequately address in this article. Terms such as IDS (intrusion detection), port attacks, phishing/spear phishing, rootkits, social engineering, spam, spyware, Trojans, viruses, etc. are but a brief sample of the keywords found in popular web searches. Each has deeper meaning and implications that could fill entire articles.
Awareness, understanding, acceptance, and change start the steps toward action in the highly interconnected world of present day secured computing. The fluid, interactive nature of the Internet will require a progressive response to maintain a trouble-free web experience.
Steve Goto
Project Manager and Systems Engineer
Array Systems - IT Consultants in LA