The computer people you can believe in


Defending your computer systems

The first thing under the prevention theme is to establish a computer policy in the organisation. Company owners and directors are responsible for ensuring that such a policy exists, and could be found liable in some cases if actions are taken by staff or employees in the event of disputes. The policy is intended for all users of the computer system, including visitors and engineers.

Focus on:

Authorised access. Define who is allowed to access what parts of the computer system and make sure that members of staff are informed in writing of the limits of their access. Make sure you state that disciplinary action will be taken against those who breach the policy. Make sure that users are clear about the use of passwords and that it is they who will be held responsible for actions taken under their login name (irrespective of whether it was them or not).

Use of e-mail. Outline the reasons for having e-mail in the organisation, and detail exactly what is and is not acceptable. Note the organisational policy for racist or sexist messages or comments. Ensure that you include instructions not to send defamatory or offensive messages. Users should be discouraged from entering into contracts via e-mail unless they have the required authority to do so. Discourage the sending of sensitive or confidential messages via e-mail, unless they are protected and absolutely necessary. If you intend to monitor e-mail, you must inform the users in writing before you do so, to avoid breaching their rights to privacy.

Use of the Internet. Your computer policy must make reference to acceptable use of the Internet within your organisation. If you decide to take action against an employee for accessing a pornographic web site and you have not made it perfectly clear in your policy before the offence took place, be prepared for problems.

Make sure your computer policy is audited by your legal department or a solicitor before you finalise it. Have each user sign to say that they have read, understood and agree to abide by the computer policy. Updates should be treated in the same way.

Consider having a ‘splash screen’ that shows when users log in to the computer system. This should inform them that they should not proceed unless they are familiar with and agree to abide by the current policy.

There are many programs you can use to increase the defence of your system, but before you look at what you need, consider how your system might need defending.

Many computer managers or system administrators might be unable to determine whether their system has been subject to any form of attack. Make sure that the central computers keep logs of all successful logins and, more importantly, the unsuccessful ones. Make sure that where dial-in facilities exist, procedures are in place to screen unwanted callers, such as only granting connections to certain numbers, or setting up dial back.

Consider conducting an audit of the complete system: look at ways of accessing the information, and see just how far each group of users can go. You might want to purchase specialist reporting programs, such as Seagate Crystal Reports, that allow regular reports to be made of who logged in when and for how long, and even what they accessed. This type of program does nothing to prevent access, but it does highlight what the current state of your system access is.

Once you have established what you have to protect and its current usage, and you are sure you have good housekeeping in place, you are ready to see what additional tools can help you preserve your system integrity.
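The kind of report described above can be sketched in a few lines. This is an added example, not part of the original page or of any product named on it. The log format, the account and workstation names, and the threshold of three failures in five minutes are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format (time, event, user, source) is an
# assumption made for this example, not a format from any real product.
SAMPLE_LOG = """\
2001-03-05T08:58:10 LOGIN_OK alice ws-12
2001-03-05T09:01:44 LOGIN_FAIL bob ws-07
2001-03-05T09:02:03 LOGIN_FAIL bob ws-07
2001-03-05T09:02:20 LOGIN_FAIL bob ws-07
2001-03-05T09:02:41 LOGIN_OK bob ws-07
2001-03-05T12:30:00 LOGOUT alice ws-12
this line is damaged and is skipped
2001-03-05T17:15:41 LOGOUT bob ws-07
2001-03-05T23:40:02 LOGIN_FAIL admin dialin-2
"""

def login_report(log_text, fail_threshold=3, window=timedelta(minutes=5)):
    """Return (sessions, failure_counts, flagged_users) for the log text."""
    sessions = []                 # (user, source, login time, duration)
    failures = defaultdict(list)  # user -> times of failed logins
    open_logins = {}              # (user, source) -> time of login
    for line in log_text.splitlines():
        parts = line.split()
        try:
            when = datetime.fromisoformat(parts[0])
            event, user, source = parts[1:]
        except (IndexError, ValueError):
            continue              # skip malformed lines rather than abort
        if event == "LOGIN_FAIL":
            failures[user].append(when)
        elif event == "LOGIN_OK":
            open_logins[(user, source)] = when
        elif event == "LOGOUT" and (user, source) in open_logins:
            start = open_logins.pop((user, source))
            sessions.append((user, source, start, when - start))
    # Flag accounts with fail_threshold or more failures inside one window.
    flagged = set()
    for user, times in failures.items():
        times.sort()
        for i in range(len(times) - fail_threshold + 1):
            if times[i + fail_threshold - 1] - times[i] <= window:
                flagged.add(user)
    counts = {user: len(times) for user, times in failures.items()}
    return sessions, counts, flagged

if __name__ == "__main__":
    for part in login_report(SAMPLE_LOG):
        print(part)
```

Like the reporting programs mentioned above, this prevents nothing; it only shows who logged in, for how long, and which accounts saw repeated failed attempts.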

A good place to start is a full suite of anti-virus software that is kept up to date. Many leading products can be set to download the latest virus definitions from the manufacturer automatically. See that the protection covers servers, PCs, e-mail systems, and Internet surfing.

Once this is in place, you might consider taking additional steps to secure your e-mail system. Most leading server-based systems can have encrypted messages and digital signatures. There are even products to prevent file attachments with certain filenames or extensions from entering the system in the first place. E-mail or public e-mail folders can also be filtered for text containing certain words or phrases.

Finally, you might even want to monitor the destinations or senders of e-mail into and out of the company. This is particularly useful when seeking to catch those sending or receiving messages from competitors.

 

 

© 2001  Wood & Wood Associates Limited.   All rights reserved. 
Kent House,
Station Road,
ASHFORD
Kent
TN23 1PP
Tel: +44 (0) 1233 661 211
Fax: +44 (0) 1233 661212
e-mail: sales@wood-wood.com