Here's a list of the top 10 recommendations for cybersecurity that
students are learning from CyberSmart, a school program that develops
training curricula to teach students safe computer practices. Are
your employees following these basic tenets?
Protect computers with firewalls.
Use antivirus software.
Do not open e-mail from unknown sources.
Use hard-to-guess passwords and keep them private.
Be a responsible cybercitizen.
Do not share access to your computer with strangers.
Following these recommendations will greatly reduce the probability of
you infecting your PC with a virus, scumware, adware, and other horrible
things:
Do not open an attachment unless you are absolutely sure of its origin and content.
Apply Windows Updates frequently.
Disable Active scripting and ActiveX Controls.
Do not click unsolicited links embedded in email, instant messages, web forums or chat rooms.
Have you ever clobbered a Word document or an Excel spreadsheet by overwriting
or accidentally deleting it? If you have lost important documents that were
worked on extensively since your last backup, read on.
VSS (Volume Shadow Copy Service) automatically creates point-in-time shadow copies (also known as "snapshots"
or "clones") of files stored on a Windows 2003 server. This makes it easier
to recover individual files that are lost between regular backups. There are
even drivers ("writers") for major database applications like MS SQL Server that
take snapshot backups of your databases and ensure that data remains consistent
even when an application is running during a shadow copy process.
Whenever you get a new PC or a new piece of software, you no doubt
spend a bit of time adjusting things to suit the way you work. For
example, in MS Word you can specify whether or not you want a
horizontal ruler to appear at the top of the edit window. These
settings are sometimes referred to as "personality settings" because
each user can set them to suit their own unique requirements.
When you get a new computer, it can be very time-consuming to reconfigure
all of those settings for all of your applications again. The good news
is that Windows XP supplies a utility to back up customized settings
called the Files & Settings Transfer Wizard. To access this
wizard:
We have been finding that many of our clients' workstations are infested not
with viruses but with nasty little programs that are often collectively
called scumware. These programs can cause ads to pop up, send out spam,
attempt to swipe personal information like passwords, hijack your browser's
default home page and other nasty things. The end result is that your
computer runs slower (or not at all) and possibly worse.
Using the term scumware to describe all of these nasty programs clouds
what is really going on. Here are some definitions of the various
types of scumware. They can be found at http://www.scumware.com:
Scumware: Software, scripts or programs that are specifically designed to
circumvent or steal revenue and traffic from legitimate web sites. Most
scumware is also considered to be spyware since it usually includes programs
which transmit your personal information. Scumware is usually installed
without consent and bundled with other programs such as popular filesharing
programs or Adware.
Spyware: Software components that are usually downloaded for free from the
internet and installed with products that send information from the user's
computer without their knowledge or consent. Although it is predominantly
found in shareware, spyware can also be found in legitimately purchased
commercial software that collects personal information from your computer.
It is generally considered to consist primarily of 'stealth' components and
background processes that may violate your privacy and/or expose your
personal information and your computer to attack. Usually the information
sent is benign in nature, mostly concerned with general marketing
information (i.e., spending habits) rather than specific information like
credit card numbers, although some programs are capable of retrieving
specific information as well. Spyware does not respect privacy as
information is transmitted without consent.
Adware: Adware is advertising supported software. It can be downloaded free
from the web but carries banner advertisements or links that attempt to
create revenue for the company. It usually installs components on your
computer that transmit marketing information to central servers which in
some programs is then used to tailor the advertising presented for increased
effectiveness. The main difference between Adware and Spyware is that Adware
usually contains a disclosure which reveals exactly which information is
being collected and how it is used.
Malware: This term has been shortened from "malicious software" and is
usually applied to cover a wide range of 'hostile' software such as Viruses,
Trojan Horses and Worms. It is software that is designed specifically to
damage or disrupt a system, files or its components.
Most business owners and upper managers are aware that if they
lose critical data, the organization will suffer. But budgets
are always tight and it is not always obvious how much an
organization should invest in data protection measures.
First, it is important to recognize that data loss and the resulting
downtime have a cost, and this must somehow be quantified.
Any data protection plan is simply about reducing the risks and impact
of the costs associated with data loss. So, protecting your data
is really a cost-saving measure!
Data protection projects don't start with a budget; they start with
understanding the existing costs and realizing how to alleviate that
financial burden. With this in mind, consider the following points when
appealing to management for funds:
Clearly illustrate the risk by outlining the cost of data loss at your
organization. When looking at servers, you might want to differentiate
how long it will take you to get back online with tape backup systems
and other solutions like real-time data replication. For example,
replication can enable you to more quickly recover from a disaster or
system outage, reducing your downtime and ultimately the cost
associated with it. However, data replication systems are expensive.
Next, consider your data loss tolerance. Can you afford to lose 2 minutes,
2 hours, or 2 days' worth? With replication, the data you restore will
be the same data you had seconds before the outage occurred.
Know the data protection laws that govern your industry such as Sarbanes-Oxley,
HIPAA, and SEC 17a-4. Explain what they mean to your business and where you
are at risk. Remember, not all data protection projects require inordinate
expense. Your measures should always cost less than the financial impact of
the outages you are trying to protect against.
These are the major factors that must be considered. Many more
need to be weighed when deciding how much money should be allocated
for data protection. We will be discussing these factors in future editions
of this newsletter.