Security

By Lasa Information Systems Team

Overview of the main security threats to your ICT, and resources to help you avoid them.

Why worry?

ICT (Information and Communications Technology) is now integral to the way nearly all organisations work. We rely on computers to get our jobs done, and a lot, if not all of our important organisational information and data is now held on computers.

ICT equipment is often hard-won, particularly for smaller organisations so it’s worth looking after! How long could you manage without your computers and related equipment? What would be the consequences if your organisation’s important information (e.g. accounts or confidential client information) got lost or ended up in the wrong hands…?

The threats

The main threats to your ICT equipment include:

• Physical threats like theft, fire and flood
• Hardware failure for example your computer’s hard disk (which stores your files and data) corrupting or failing.
• Malicious attack from things like computer viruses, spyware and other malicious software programs, usually downloaded from the Internet. For more on this see the following Knowledgebase articles:
• How Secure is The Internet
• Dealing with viruses
• Choosing an Antivirus Solution for Your Organisation

And other articles in the section Viruses, Spyware and Malware.

See also Safe and Sound – Keeping Your Computers and Data Secure.

What you can do

The most important thing you can do is make regular backups (– safe copies of all the files containing your important information and data).

You should keep a recent copy of the backup off site (away from your office) in case disaster strikes (it can happen! - if you still need convincing read the knowledgebase article Could Your IT Cope if Your Office Burned Down). Store on site copies securely, preferably in a fire-proof safe.

You should also check on a regular basis to make sure your backups work and you can safely restore your files.

There are several options for backing up your files. The right option for your organisation will depend on several factors such as how often and how much data you need to backup. For more information see the article Backing up Your Data and other articles in the section Disaster Preparation and Recovery.

Other things you should do include:

• Develop a Backup Strategy, back up your important files regularly, check you can restore them, and store a copy of your backups off site (just in case you missed this the first time we mentioned it!).
• Install antivirus software and ensure it’s updating regularly – new viruses come out all the time.
• Make sure you regularly download security updates for your computer’s operating system (e.g. Windows XP and other Windows versions) and other software. This can usually be set to happen automatically.
• Install a firewall to protect your computers and network from malicious attack. For more on this see the knowledgebase article on Firewalls.
• If you have a wireless network make sure you enable extra security features. For more information see the article Wireless Networking Security Considerations.
• Don’t respond to “spam” (unsolicited emails). Many spam messages contain viruses or contain links to (very convincing) fake websites that try to steal sensitive information like credit card details. For more on spam and how to deal with it, see articles in the Spam Management section.
• Make sure staff and volunteers are aware of the issues and receive appropriate training and induction to your systems.
• Have an ICT Acceptable Use Policy. This will make it clear to everyone in the organisation what they should and shouldn’t be doing to help keep equipment secure and use it responsibly.
• Choose and use secure passwords on computers and networks, and change them regularly to prevent unauthorised access to your organisation’s information. See the Knowledgebase article How Am I Supposed to Remember That – Choosing and Using Secure Passwords.
• Store your ICT equipment securely (especially portable items such as laptops, cameras etc.) – don’t forget to lock up!
• Security-mark your equipment – you might stand a chance of getting it back in the event of theft.
• Get insurance! Make sure you have adequate cover for replacing your equipment should the need arise.

For a fuller list of threats and how to reduce them, download Countering and Reducing Security Threats (80 Kb PDF document. Requires Adobe Reader. If you don't already have this, download it from Adobe).

By taking sensible precautions you can keep your equipment secure and running reliably, and protect your important files. There’s really no excuse …

As well as the Knowledgebase articles on Security, there is the Security Knowledgebase Discussion – this is a useful place to share knowledge, experiences, and ask questions.

For help getting started in other areas of ICT, see our index of Starting Out articles.