Safe Business, Good Business

Reducing the security risks to your business

Data is the lifeblood of your business. Your customer records, accounts, employee information, correspondence, email – imagine what would happen if you lost it all or it fell into the hands of your biggest competitor? It can happen. For example, new data from Intel suggests that one in 12 business notebooks will be lost or stolen. So, we’ve put together this guide to keeping your business safe by keeping your data safe.

Getting Started

If you want to stay safe, you need a good security plan. Make sure that the rough draft of your plan includes these basic points. You won’t write a perfect security policy in your first attempt, so schedule regular meetings to discuss and revise your plan.

  • Client-side basics: Install anti-virus software, check your firewalls and enable automatic software updates on all of your corporate PCs. Microsoft Security Essentials provides real-time protection for your home or small business PCs against viruses, spyware and other malicious software. It is easy to install and free for small businesses with up to 10 PCs, providing they are running genuine Windows.

  • Server-side security: Maintaining a secure server requires qualified IT personnel, but you can do your part by helping them plan. Ask your IT department how they detect unauthorised access, what plans are in place to deal with security lapses and how they stay informed of developments within the security community.

  • Staff policies: Your staff will be responsible for enacting your security policies day in, day out. Your security plan should explicitly lay out expectations, including who will conduct IT security training and who should monitor team members for compliance.

  • Up-to-date hardware: PCs that are four years old are 54 percent more likely to have security incidents than PCs that are less than one year old. Upgrading to a new computer doesn’t just mean you will have a faster processor and more memory; security features will actually become more effective. For instance, Intel® Turbo Boost Technology intelligently allocates processing power and hyper-threading technology lets each processor core work on two tasks at once, allowing users to run virus scans faster and with less interruption.

  • Get help: If no-one on your team has the right expertise, don’t be afraid to get outside help. You wouldn’t ask your employees to just take their best guess on legal or accounting issues – you would get expert help if it was necessary – and you should approach security the same way. In the long run, you should consider training some of your employees so that you have in-house security experts when problems arise.

Ten essential security features on new HP Notebooks

The latest HP Business Notebooks come with HP ProtectTools pre-installed. It’s free and it’s essential if you want to keep your data and your notebook safe from thieves and prying eyes.

  • Drive encryption. HP ProtectTools encrypts your hard drive, which is the best way to protect the information on it. Even if a thief removes the hard disk from your notebook, they still can’t read the data on it.

  • Face recognition. Use the webcam on your notebook to recognise your face as a password to access your computer. It’s quick, easy and secure.

  • Fingerprint scanner. Many HP Notebooks come with a built-in fingerprint scanner – a secure, easy way to log into your computer without having to remember a password.

  • HP Credential Manager. Use this to log into your notebook with a single password, smart card, fingerprint swipe or facial recognition and then have it remember all your other passwords for you.

  • HP enhanced pre-boot security. HP ProtectTools offers enhanced, multi-user pre-boot security. You have the option to create a Windows user and a pre-boot user, along with multi-factor authentication that uses any combination of password, smart card and biometrics.

  • HP SpareKey. Users lose and forget passwords all the time. HP SpareKey adds credential recovery capability into the BIOS, so users can regain access to their laptops without involving IT administrators.

  • HP File Sanitizer. Permanently deletes files, folders and identity information from laptops and desktops to help protect users’ personal information.

  • HP Disk Sanitizer. Completely remove unwanted data from hard drives with HP Disk Sanitizer. Perfect for when you need to hand your notebook over to someone else – a new user or when you recycle it at the end of its life.

  • HP Device Access Manager. Restrict access to removable devices, such as USB memory sticks or recordable CDs, so that your staff can’t copy data from a company notebook.

  • HP Computrace Pro. Add the protection of Computrace® to your business laptops with Computrace Pro, exclusively for HP Business Notebooks. Get discounted access to this valuable service to track lost or stolen hardware and delete data remotely.

Consistent standards

If your network is a patchwork of multiple computers, operating systems and program suites, the complexity involved in tracking every security vulnerability practically guarantees that you will have more security breaches. Aim for some consistency so that your IT department can enforce your security policies.

  • Standard disk images: Your IT department should create a standard disk image so that they know what every computer starts with, including solid security features. Even if it isn’t practical to have a single disk image for your entire enterprise, having a small number of images for different departments is better than creating a unique mix of programs and settings for every computer.

  • Standardise hardware: Managing a secure network is easier if you only have a few types of client running on it, especially if all of those clients are business-class machines from the same manufacturer. This will also simplify acquiring and updating your software.

  • Integrated security software: Buy computers that have an integrated security suite that has been optimised for the hardware it’s running on. For instance, HP packages its business-class laptops with HP ProtectTools, a customisable security program that prevents unauthorised access to your data.

Access control

Preventing unauthorised access to your network is your primary security challenge. Layered security, which employs multiple systems to restrict access, is significantly stronger than any one of those layers on its own.

  • Strong passwords: Passwords are ubiquitous in modern society, and many of your employees will have picked up bad habits. Require company passwords to be eight characters or longer, including uppercase and lowercase letters and numbers. Also, insist that your staff use unique passwords – using the same password in multiple places means that the strongest network becomes exposed to the vulnerabilities of the weakest network.

  • Protect your hard drive: BIOS passwords restrict access to Windows so that hackers can’t run password-cracking programs. For the most sensitive data, encrypting the hard drive also prevents other forms of forensic data analysis. You can find these security layers in high-quality packages such as HP ProtectTools.

  • Control access points: Creating a new wireless hotspot is as easy as plugging a router into a jack, but unmanaged access points may not be secured properly, allowing attackers an easy way in. It’s best to absolutely forbid rogue wireless networks, and then monitor for wireless signals that your IT department didn’t set up.

  • Biometrics and smart cards: Instead of checking something you know, such as a password or the answer to a question, biometrics and smart card readers check something that you have (a physical object) or something that you are (yourself). Fingerprint scanners and smart card readers come standard on many laptops; HP includes them in its ProtectTools package on many of its business-class laptops. Windows 7 also integrates biometric security hardware into the operating system to prevent conflicts.

  • Program permission: Not all users have the same permissions, and the same applies to programs. Windows 7 provides User Account Control (UAC) so that you can control the permissions of individual programs, which prevents viruses from executing without employees realising it. UAC can be adjusted for the balance of security that’s right for your firm.

  • Delete former employee accounts: Allowing a recently fired employee to access your system is a recipe for disaster, but even employees who are leaving on good terms may be tempted to take valuable information as they go. Eliminating an employee’s network accounts should be a standard part of HR’s employee termination checklist.

Secure data

Lost data can wreak havoc on a project and stolen data can create legal liabilities and public embarrassment, not to mention the potential financial damage. Clearly, securing corporate data should be a major component of any security strategy.

  • Need-to-know: Your employees need information to do their jobs, but few of them need access to all the information at your disposal. Adopting need-to-know information regulations minimises the impact of lost or stolen data, and keeps employees accountable for the information that they access. Of course, you will also need clear guidelines for requesting access to information so that your security concerns don’t damage productivity.

  • Encrypted drives: If you have to store sensitive data on a laptop, you should consider encrypting the hard drive; in Windows 7, BitLocker To Go even extends data encryption technology to removable storage devices. Some companies have resisted encrypting their hard drives because it slows the computer’s performance, but that is changing rapidly. With the Intel® Core™ processor family, sensitive data can be encrypted up to 3.5 times faster.

  • Back up your data: Ultimately, the only way to be certain that you don’t lose information permanently is to back up regularly. Create a schedule that includes backing up the system, testing occasional backups to ensure the procedure is sound and moving backups to an offsite server.

Physical security

IT theft isn’t always high tech; an unattended laptop can disappear without a moment’s notice, causing just as much damage as an undetected virus.

  • Restrict access to your servers: Very few people need to have physical access to your servers, so keep them locked up and out of the way. Storing servers in a room that is only accessible through the IT department has your technical experts double as guards while providing them quick access in case of a problem. While you’re at it, raise the servers off the floor in case of flooding and invest in protection against electrical spikes and surges.

  • Situational awareness: Train your employees to be aware of potential security risks, especially when they are working out of the office. They shouldn’t let people watch while they enter their passwords, and they should be wary of anyone trying to get a glimpse of their screen while they work. Some products such as HP’s privacy filter prevent people sitting at an angle from seeing what is on your screen.

  • Prevent laptop theft: Carrying laptops in nondescript bags will prevent them from becoming an obvious target for theft, and keeping the laptop close at hand at all times will reduce the risk of grab-and-dash thefts. Theft might seem unlikely, but according to the Open Security Foundation, lost and stolen laptops are the single largest type of security breach.

Social threats

Social engineering focuses on tricking your employees into unintentionally undermining your security strategy. A little training and a lot of scepticism will stop most of these attacks cold.

  • Stop rogue software installation: Many social engineering attacks provide programs that appear useful, and in some cases that really are useful, but that also install malware on the user’s system. If an employee needs to install software, they should discuss the issue with the IT department first.

  • Phishing: Phishing attacks literally ask for confidential information, but a surprising number of people give the requested data. Phishing filters like the one installed in Internet Explorer 9 will alert your employees to potential attacks, but nothing beats training your employees to always question the legitimacy of a request for sensitive information.

  • Baiting: Baiting uses your employees’ curiosity against them by dropping removable media infected with viruses near your office. When someone puts it into a computer, the virus is installed in your system. Be wary of other people’s removable media, and if you don’t know who owns it, don’t even consider opening it.

This business advice article is published in association with HP.
