How Secure are You?

How safe is your computer network?

What threats do you need to worry about? Where are you vulnerable? How much computer security is enough for your office? When was your last independent professional security checkup? Do you have a plan to stay safe? Have you tested your security? If these questions make you nervous, that's OK. A little paranoia is good when looking at security.

Security Basics

Good (or bad) security isn't a one time event. It is part of your everyday work life. It isn't someone else's responsibility, it's everyone's responsibility. Just as you can't balance your checkbook once and be finished, security is never finished. Your security will be continually tested, so you must be continually thinking about your security to make it better or stay even. You can never be completely secure. Doing business and living life has risks that you can't completely eliminate. Your goal is to continually maintain a level of risk that feels comfortable to you. Unfortunately, much security is reactionary. People don't get religious about backup until they've had a data disaster, for example. Oh, you think backup isn't security? It is. Backup protects your information. There are some simple things that you may or may not be doing that can make your computing life much more secure. Security is always defensive. You can't know all the risks that the world might throw at you, but you can protect against them anyway, just as seat belts protect you in the case of an accident. Security is imperfect. Your car might be destroyed, but at least you have a better chance of living through an accident.

So, where do you start? First, you have to figure out what you have. Not everything is equally important and needs to be equally protected. For example, your browser cache can be regenerated at any time, so protecting it isn't a priority. Your e mail is important to you, but it isn't life threatening from a business standpoint. On the other hand, if you lose access to your computerized phone and voice mail system, you are out of business that day. Most businesses couldn't stand to be without access to their accounting data for an extended period. Valuable business assets vary from organization to organization and even person to person. You need to decide what's most valuable to you and then take steps to keep those assets safe.

Now that you know what's valuable, do you know how vulnerable it is? How easy is it to delete information, corrupt a database, deny access to a critical system, or make unauthorized changes to information? How visible/accessible are your valuables?

What threats do you reasonably need to worry about? Even if you have a vulnerability, if no one can exploit it or cares to exploit it, it isn't a risk. Sitting in my house, I'm vulnerable to being stabbed to death. But, as long as I keep my wife on my good side, that risk is pretty low. Likewise, my brother probably doesn't need to worry much about people stealing his toenail clipper collection.

There are only three things you can do about a risk. (1) Avoid it. Don't get involved in that risky behavior. Don't cross the street except on a green light. (2) Accept it. You can't eliminate all risk. If you want to go to the store across the street, you have to cross it. (3) Act on it. Do something to lower the risk. If you are worried someone will rob you of all your money, don't carry it all on you.

Your risk is a combination of how valuable something is to you combined with how vulnerable it is and the threats to it. Risk is lowered by any countermeasures you might take to protect those assets.

While Iron Horse is heavily involved in computer security, I haven't been talking much about computers. The reason is that computers and the programs on them are only tools to do work. The real value is in the information on those computers and how people use them. Computer security begins and ends with the people who use them.

Call Iron Horse today to find out how you can develop a defense in depth strategy that will leave you sleeping better at night.

8328 Traford Lane Suite A
Springfield, Virginia 22152-1667
Telephone: (703) 866-6413