In spite of the tremendous sums of money that organizations spend each year to defend themselves against hackers and malware, successful security incursions continue to occur with dismaying frequency. In the race to acquire the most sophisticated security tools, many forget that the first line of defense is really the user.
Our Paul Mah has come up with a list of six simple ways that employees can enhance the security of their workstations. Be sure to check out Paul’s full post on the subject at his blog.
Click through for Paul’s six tips on being a more secure user.
With the automated nature of antivirus definition downloads, it is easy for users to forget the importance of having up-to-date antivirus definitions. Subscriptions can run out, or software errors and the inadvertent misconfiguration can cause virus definitions not to be updated.As such, it is important to periodically check on antivirus solutions to ensure that virus definitions are indeed updated. Virus definitions aside, it makes sense to review the status of antivirus software periodically, given that the first action of many malware infections is to disable it.
Microsoft releases regular security updates and patches for the Windows operating system and its various software the first Tuesday of every month. While there is no need-usually-for end users to understand the technical mumbo jumbo on these ‘Patch Tuesdays’ updates, it is nevertheless important to ensure that approval is given to update your system should your permission be requested. It must also be highlighted that the updates are generally not applied until a reboot.So allow Windows Updates to install, and restart promptly when it’s done.
It is often tempting to disable antivirus applications or firewalls in order to get some application to work, or to perform some network-related tests. While there are times that doing so is unavoidable, it should generally be avoided.Many security solutions now come with options to disable the protection for a limited period of time-which might range from hours to a day. Make use of these options to eliminate the risk of exposure due to forgetfulness.
Regularreaders of Paul’s SMB blogon ITBusinessEdge.com will be familiar with how he has always advocatedswitching to software with lesser vulnerabilities. Among others, key culpritsrange from InternetExplorer (Especially IE 6) to AdobePDF Reader.
Forthe former, you can use either Mozilla Firefox or Google Chrome as analternative. For the latter, there are other good and free PDF readers, such asFoxit PDF Reader or NuancePDF Reader.
While this particular advice might strike some as taking a somewhat technophobic route, the fact is that the majority of modern hacks make use of the Web browser as the attack vector. As a result, hackers are making use of various social engineering or other trickery to get users to visit specially crafted websites to exploit newly discovered vulnerabilities.A close cousin of this form of attack involves the use of attached files that are specifically crafted to exploit known flaws in their corresponding software.
Users who indulge in obtaining files from dubious locations or P2P sources are putting themselves at extreme risk of contacting a virus infection. It is relatively trivial to create a Trojan on top of legitimate (or working) software, and users might be left none the wiser.