Security Step 4: Protect Internal Systems

James Sparrow
James Sparrow
June 2, 2016

In today’s digital world, computers can be a treasure trove for an online attacker, and can also provide a jumping-off point to reach other systems or online accounts. There are multiple routes into these systems, from open network connectivity to targeted malware. Fortunately there are a few key tools at your disposal to protect against these threats.

Keep Your Systems Updated

Many malware threats operate and spread by taking advantage of problems in software for which fixes have long been enabled. Unfortunately these fixes are often not applied to the vulnerable systems. Modern operating systems such as Windows and Mac OS X support automatic installation of critical updates — you just need to enable it. A number of application packages, such as Microsoft Office and Adobe Acrobat, also support automatic updates. Given their widespread use throughout businesses, these applications offer a rich target for hackers. If the applications you use offer automatic updates, make sure this feature is enabled.

Install Anti-Malware Software

Clicking a link in email that looked legitimate, downloading a file from a site you thought was secure — these are common actions done every day to infect systems with malware, and the damage can range from keyloggers stealing passwords to ransomware holding your data hostage. You can greatly reduce your risk of falling victim to these attacks by making sure Antivirus/Anti-Malware software is installed and configured properly on all of your systems.

Once installed, make sure real-time checking is enabled so security analysis is performed immediately as actions are performed. You should also schedule full computer scans weekly at a time that doesn’t interfere with your work. If you are using Windows 8 or later, Windows Defender antivirus is pre-installed and needs only to be configured.

Enable Your Firewall

A firewall inspects the communications coming in or out of your PC and makes a decision to allow the communications to continue, or to block them. They can prevent attackers from gaining access to your computer and data, as well as halt the spread of malware from one computer to others. Windows and Mac OS X both have built-in firewalls that you can configure to meet the needs of your office.

You should enable your firewall and configure it to block all incoming connections except for applications that you specifically enable. Typical exceptions include instant messaging and file sharing applications. Some software applications may require specific exceptions to be configured to allow access from other computers on your network or the internet, but the vendor documentation should make this clear.

Limit Access

One final tool for protecting your systems is to limit what users are able to access and modify. In computer security circles, this is known as the Principle of Least Privilege, and states that users should have the minimum privileges necessary to do their jobs. By limiting users in this way, you ensure that confidential information is accessible to specific individuals and non-administrative users cannot make system changes that may threaten the security of your office. We suggest that you create an Administrator user with full privileges to configure your PCs, and then individual non-administrator accounts for each user in your office, including yourself (avoid using an administrator account for your own primary account). Then share files and folders with specific users based on their need to access the information.

The steps above will help ensure that your systems are significantly less vulnerable to hacks and data exfiltration from within and without. Next week we conclude our series with tips on securing the sensitive data within your office.