Safe and Sound - Keeping your computers and data secure

By Lasa Information Systems Team

Securing your computer - or perhaps your entire network - covers a wide range of issues from securing data, planning for disasters, and making sure your laptop won't walk out of the door to ensuring your server won't receive an unwelcome visit from a hacker. By following a few guidelines and having policies and procedures in place you can make your computing environment a safer place.

Backing up files

You spend ages typing up that grant application, save it to the hard drive and go home satisfied after a hard day's work. The following morning, you attempt to turn on the PC and are greeted with, well… nothing. Your office computer whiz fiddles about for a while and pronounces your hard drive as dead as disco. "But what about the grant application that's got to go in today that's on the drive?" Then comes the dread phrase "Well, we'll just have to restore your files from the back-up". Silence. "You do have a back-up, don't you?" Sadder but wiser, you spend the next day retyping the application… It doesn't have to be like this!

  • Backing up files is the most important routine IT task - usually it's the most neglected. Make sure it's done!
  • Back up daily - and keep a recent (not more than a week old) backup offsite.
  • Don't rely on one backup and avoid using floppies if possible - tape is still the best method for a server and CDR is now cheap enough to be viable for smaller setups.
  • The Knowledgebase article "Could your IT cope if your office burned down?" deals with backing up data in detail and the "Sample back up rota" provides a suggested routine.
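
The backup rules above can be checked automatically. This is an added example, not part of the original article: the record layout, the media labels and the reading of "daily" as 24 hours are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Thresholds taken from the bullets above; the record layout is an assumption.
MAX_AGE_ANY = timedelta(days=1)      # "Back up daily"
MAX_AGE_OFFSITE = timedelta(days=7)  # offsite copy "not more than a week old"
MIN_COPIES = 2                       # "Don't rely on one backup"

def audit_backups(backups, now):
    """Return a list of findings; an empty list means the rules are met.

    backups: iterable of dicts with keys 'media' (label), 'offsite' (bool)
    and 'completed' (datetime of the last successful run on that media).
    """
    backups = list(backups)
    findings = []
    if len(backups) < MIN_COPIES:
        findings.append(f"only {len(backups)} backup set(s); keep at least {MIN_COPIES}")
    newest = max((b["completed"] for b in backups), default=None)
    if newest is None or now - newest > MAX_AGE_ANY:
        findings.append("no backup completed in the last 24 hours")
    offsite = [b["completed"] for b in backups if b["offsite"]]
    if not offsite:
        findings.append("no offsite backup recorded")
    elif now - max(offsite) > MAX_AGE_OFFSITE:
        age = (now - max(offsite)).days
        findings.append(f"newest offsite backup is {age} days old")
    # A timestamp in the future means a wrong clock or a bad log entry.
    for b in backups:
        if b["completed"] > now:
            findings.append(f"{b['media']}: completion time is in the future")
    return findings

# Constructed sample data, not from the article.
NOW = datetime(2006, 5, 19, 9, 0)
SAMPLE = [
    {"media": "tape-mon", "offsite": False, "completed": datetime(2006, 5, 18, 22, 0)},
    {"media": "tape-fri", "offsite": True, "completed": datetime(2006, 5, 5, 22, 0)},
]

if __name__ == "__main__":
    for line in audit_backups(SAMPLE, NOW) or ["backup rules are being met"]:
        print(line)
```

With the sample data the nightly backup is fresh but the offsite tape has not been rotated for nearly two weeks, which is the failure this check is meant to surface.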

Theft, fire, flood, plague, etc.

Buying your ICT equipment is one of the most expensive capital investments you'll make so a few sensible precautions will reduce the risks affecting your organisation:

  • Consult your local police for advice on securing entry points to your office, burglar alarms etc.
  • Insure your equipment - most office contents policies will cover PCs - but check to make sure your policy does
  • Keep a register of equipment - record information such as the manufacturer, specification, date of purchase, serial number, price paid, software installed and licenses purchased, etc. Keep a paper copy in a fireproof safe and offsite - don't rely on just having it electronically.
  • Keep copies of essential software in a safe or off site along with the license keys (the set of numbers and/or letters which you are asked for when you install the product) provided by the manufacturer.
  • Mark equipment with approved anti-theft markers and investigate physical locking devices
  • Buying new equipment - don't leave the boxes on public display outside!
  • Have a disaster policy in place - find out how you could get hold of replacement PCs and a server fast

Data security

Whenever data security is brought up as a subject, what springs to mind is usually the evil hacker, a grin on their face, hunched over a PC in a bedroom somewhere far away happily causing chaos in your organisation's information. Whilst this can happen, what is more usual is for security to be breached by a member of staff or a visitor to the office because of slack security procedures. Good practice includes:

For server based networks

  • Have a password policy - ensure that passwords for logging on to the system are not obvious, aren't written on post-it notes attached to the monitor, and are changed at regular intervals.
  • Use strong passwords - avoid dictionary words, use a mixture of at least 8 letters and numbers and possibly mix cases especially for the administrator password - but don't forget it! User passwords are easy to change by your administrator - admin. passwords for server access are not easily recoverable...
  • Don't give out the administrator's password to staff who don't need it.
  • Server administration - setting up drives and folders which have different access rights for different users will help secure data from malicious or accidental interference. It will also help your organisation comply with data protection legislation.
  • Saving documents on C: drives - ensure users are aware of the dangers of saving files to their PC's local drive - it won't be backed up, it can be accessed by unauthorised users etc.
  • Use a password protected screensaver if you are working in a public area - alternatively ensure publicly accessible PCs cannot access important data.
  • Put a UPS on your server - an Uninterruptible Power Supply and software like Powerchute will help keep your server protected from electrical "spikes" and, if a power outage lasts a while, power it down without losing data or harming the hard drive.
  • Antivirus software - install it on every machine and keep it up to date.
  • "Firewall" your Internet connection - networks, especially those with "always on" connections such as ADSL, should be protected by a hardware firewall. Reputable manufacturers include Watchguard, Symantec and Cisco. A firewall acts as a barrier to keep unwanted visitors out of your system by filtering the information coming through the Internet connection. It can also be used to set up Virtual Private Networks so that remote users can log onto the network.
  • Apply security settings on web browsers and email clients - see the Knowledgebase article Infection Control for more information on how to do this or consult your software's "help" pages
  • For more information on Internet security see Knowledgebase article How Secure is the Internet?

For standalone PCs or peer-to-peer networks

  • Passwords - shared folders on peer-to-peer networks can be password protected as can individual files - this should prevent most casual intruders. If you have very sensitive or private information store it on a removable disk such as a floppy, Zip disk or CD rather than on your PC. Make sure you store the removable disk securely.
  • Firewalling - standalone PCs using an ordinary dial-up modem or ADSL can run software such as ZoneAlarm, Tiny Personal Firewall and products by security specialists McAfee and Symantec (Norton) to good effect - there are issues with peer-to-peer networks with software firewalls, however, so check with your supplier before purchase.
  • File and printer sharing - you may see a security reminder about disabling file and printer sharing while you have your Dial-up Networking connection open to prevent unauthorized access to your files, printers, and network. It is recommended that you do not enable the file and printer sharing unless you need to. This is so external users of the Internet cannot gain access to your computer or network.
  • If file and printer sharing must be enabled for example on a peer-to-peer network, make sure you restrict access only to specific folders which you want people to use - don't allow access to the whole of your PC's hard disk (C: drive).
  • Recycling PCs - if your organisation is passing on old PCs to staff members or another group, make sure the hard drive is reformatted - deleted files can be recovered from hard drives unless the area of the hard drive where the deleted file was previously stored is subsequently overwritten with new data

Especially about laptops

Laptops, like Martinis, are great anytime, anyplace, anywhere - but their higher value and portability make them obvious targets for thieves. Some simple suggestions:

  • Insure them - make sure your equipment insurance also covers laptops when they are off the premises
  • In the office - lock laptops away at night or when the office is unattended
  • In transit - don't leave them in full view in unattended cars
  • Case study - laptop carry cases are easily identifiable by thieves so consider carrying them in something not as obvious
  • Use in public places - remember that you can be overlooked so it might not be a good idea to type that very private letter whilst eating your morning croissant at the local coffee emporium
  • Home use - remind staff that the equipment is for work use and not for running dodgy games they bought at a car boot sale. Also, if household members use the computer, ensure sensitive files aren't accessible.

See also Countering and Reducing Security Threats (80 Kb PDF document).

 


About the author

Lasa Information Systems Team
Lasa Information Systems Team provides a range of services to community and voluntary organisations including ICT Health Checks and consulting on the best application of technology in your organisation. Lasa IST is responsible for maintaining the ICT Hub Knowledgebase.

Published: 7th November 2002 Reviewed: 19th May 2006

Copyright © 2002 Lasa Information Systems Team
