[Five Practices] Five Tips for E-Security

Computers are a fact of business in today’s world, not only in the administrative areas where Rolodexes are replaced by e-contact lists and upright filing cabinets by e-folders, but also on the line itself, where waterproof monitors show constantly updating data on your product and line flow.
While the technology certainly has made our lives easier (once we learn how to use it) and has made business more efficient, it also has brought a new wave of security issues for businesses across industries. Not only do you need to defend your product against intentional contamination, you need to defend your data against intentional compromise, hacking and theft.
Following are five best practices which businesses should ensure all employees follow to increase the security of your data and electronic systems:

1.) Restrict access. Not only should computers themselves be set in areas of limited access, but the data on the computer can – and should – be limited for selective access. A basic limitation is the setting of user name and password for computer use, with additional log-in required for entry into proprietary or sensitive data systems. In addition, however, you can generally opt whether or not a file, folder or full system will be shared across the network or limited to selected computers and users. For example, accounting files could be only accessible to those in that department and some executive managers, whereas folders containing information on company standards, employee benefits, marketing materials, etc., could be made accessible to all.

2.) Require robust passwords. Television dramas and movies regularly show a person gaining access to another’s computer by guessing the entry password. Too often users set simple or easily guessed words as their password, never change their password, tell it to a “friend,” or write it down in order to remember it. Unfortunately, there are persons who literally make a game of hacking into systems, taking a perverse pride in their “skills” and using “cracking dictionaries” to further their ends. To increase the security of your users’ passwords, recommend or require all users to:
*  use at least six characters in any password.
*  include numbers, capital and lower case letters, and/or special characters.
*  not stick with whole words even when used with numbers and characters.
*  use an acronym with a personal or made-up meaning instead of a word (a popular example is OeiA;f@11 – “Orange elephants invade Alaska; film at eleven”).
*  change passwords regularly (many businesses set systems to require change at monthly or quarterly intervals).
*  not write passwords down. Select “phrases” that would be complex to others but have some sort of private meaning to the user.
*  never share a password; if there is any suspicion of compromise, the password should be changed immediately (and a supervisor or the IT department informed).
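
The composition rules in this list can be checked automatically when a password is set. The following is an added example, not part of the original article: the word list is a small constructed stand-in for a cracking dictionary, and requiring three of the four character classes is an assumption, since the article gives no number.

```python
import re

# Constructed mini word list standing in for a real "cracking dictionary".
SAMPLE_WORDS = {"password", "summer", "orange", "elephant", "alaska", "welcome"}

MIN_LENGTH = 6  # minimum length given in the list above


def character_classes(password):
    """Count how many of the four classes (lower, upper, digit, special) appear."""
    checks = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(checks)


def letter_runs(password):
    """Return the runs of letters left once digits and special characters are split out."""
    return [run.lower() for run in re.split(r"[^A-Za-z]+", password) if run]


def check_password(password, words=SAMPLE_WORDS, min_classes=3):
    """Return a list of rule violations; an empty list means the password passes.

    min_classes=3 is an assumed threshold, not a figure from the article.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < min_classes:
        problems.append("too few character classes")
    # A whole word padded with numbers or symbols is still a dictionary word.
    if any(run in words for run in letter_runs(password)):
        problems.append("contains a whole dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["OeiA;f@11", "Summer2007!", "abc12", "password"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

The acronym-style example from the list passes, while a whole word with digits and a symbol appended is rejected even though it is long and uses all four character classes.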

3.) Never leave computers “open.” Whenever a user steps away from his or her desk or line system, the computer should be “closed” and locked, requiring login for access. This does not mean that it needs to be turned off, but that it should be set so that unauthorized users cannot gain access to computer files. Screens which need to remain open for line monitoring should be set to view only, requiring a password for changes or other input.

4.) Protect against aggressors. When setting up a new system or network, it is wise to invest in professional information technology (IT) services if you do not have an internal team. This professional can ensure your system and network are as secure as possible, setting up firewalls, VPNs, routers, etc. In addition:
*  If your system can hit the Internet, the Internet can hit you. Have your network checked periodically to ensure it is locked down against Internet aggressors, network hackers, etc. Warn employees against opening any email attachment which they are not expecting or which comes from an unknown person. Users should also be warned against, or prevented from, downloading or installing Internet programs or files.
*  Install a trusted anti-virus program, set for automatic scanning. This program (and systems such as Windows) should also have an automatic update checker, with provider updates and patches installed when available.
*  If using wireless access, be absolutely certain that it is locked down by an IT professional. Simple WEP encryption can be defeated in minutes.
*  Just as you run third-party audits on your plant, so should your internal IT systems and teams be periodically audited. The independent auditor should act as the aggressor and try to hack into your system, check all firewalls, access points, etc.

5.) Protect printed papers. While electronic data has become the backbone of today’s business, most of us still like paper – as a backup, for easier reading, to take into a meeting, etc. Employees should be reminded these printed documents are just as sensitive as electronic data and care must be taken for their security as well, for example:
*  when printing to a shared printer, retrieve sensitive documents immediately, ensuring that all pages have printed and that all are retrieved.
*  printed documents of a sensitive or confidential nature should be kept secure and/or in locked files. When no longer needed, these should be shredded, preferably in cross-cut shredders.

These five tips will not prevent all possible electronic hacking, viruses or theft, but professional services, regular auditing and communication will help to keep your electronic security tight and enable prevention of, and proactive response to, suspicious activity or electronic compromise.


March 2007