Insight Focus
- Don't connect a personally owned device to the corporate network either directly (say by plugging your laptop into the LAN) or indirectly (like syncing your PDA to a company PC) without prior approval. The IT department should be able to tell you what you need to do to comply with the organisation's security policy, such as installing and regularly updating approved antivirus and firewall software.
- If personal firewall software is installed on your PC, your first reaction to a request to access the Internet should be "no". The notorious SQL Slammer and Blaster worms both needed permission to operate as servers. Unless you can clearly identify the program and you know it legitimately requires network access, block it. If in doubt, seek advice from the IT help desk.
- Don't install unofficial wireless access points. An incorrectly configured access point can allow outsiders onto the network, potentially exposing confidential information and allowing an intruder to use corporate resources. And when using outside access points, including those in homes and cafes, you should ensure WPA security is enabled.
- When accessing corporate resources other than the public Web site from a remote PC (say, from home), get into the practice of installing antivirus and firewall software from a reputable vendor. Learn to use the automatic update function on your machine, keep the operating system and applications such as Office updated in the same way, and install VPN software.
- At all times leave the automatic update settings on company PCs the way they were configured by the IT department. They are set to provide the best protection while minimising the load on your organisation's Internet connection.
- Do not install unauthorised software. If you gain approval for non-standard software, uninstall it if and when it is no longer needed. This frees up disk space, improves PC performance and eliminates possible dark corners where "net nasties" may hide.
- Block file transfers in your instant messaging software. Just like e-mail attachments, they can be used to spread malware.
- Keep clear of disreputable Web sites (you know what we mean!) as they may plant malicious code on your machine.
- Tricking people into revealing passwords may be rare, but less unusual (judging by anecdotal evidence) are attempts to obtain passwords, as previously mentioned, via social engineering techniques. So if someone ostensibly "from the IT department" calls you and starts asking questions about your software or hardware configurations, or wants you to change some setting or other, offer to ring them back. But before you do, confirm with your help desk whether the caller is genuine.









