Preventing Attacks on Computer Security

Laptop Security

Preventing attacks on computer security starts with protecting your laptop.

Did you know? Thieves steal over 1,500 laptops every day (per MIT's Technology Review Magazine). Don't let the next one be yours!

The laptop computer changed the way most of us do business. We are no longer chained to our offices and desks; in fact for many of us, when we travel, so does our office - in the form of a laptop. Small wonder, then, thieves target this little electronic marvel. Especially true in airports, where many people and distractions surround stressed vulnerable laptop owners.

When a thief strikes and grabs your laptop, what else does the culprit get? Your data too? Perhaps some media (usb sticks, etc) containing confidential data that you left in the laptop case because you followed good security practices of not leaving sensitive information on your hard drive.

Previously reported laptop thefts in airports frequently involved two people: one to distract you and another to make off with the "goods." You can be distracted while you going through the X-ray machine, using a phone, buying a drink, checking in your baggage, or getting your boarding pass... just long enough to take your eyes off your laptop. That's all it takes.

Follow these steps with your laptop to prevent attacks on computer security.

  • Don't keep mission critical data on your hard drive.
  • Don't carry your media in the laptop case.
  • If you have a shoulder strap, use it.
  • Avoid putting your laptop in a suitcase and checking it in as regular baggage.
  • Make double backups of your important data, and keep them separate from the originals.
  • Try to avoid keeping important papers in your laptop case.
  • Implement one of the available laptop-oriented portable security systems to combat the loss of valuable hardware and the important data within, e.g., a combination cable lock; a keyed cable lock; a motion sensor alarm; a cable anchor; etc.

Most of all, keep your eyes open and be aware of your surroundings. These few precautions, while not completely foolproof, will decrease the chances of you becoming a victim.

Get certified in Risk Management through our completely on-line training system. Study at your own pace.

Risk Management Certification

Encryption

Various consultants and government agencies have assessed the level of risk regarding the interception of electronically transmitted information by someone other than the intended recipient. And, the bottom line, the risk grows every year.

Preventing attacks on computer security means protecting the contents of messages sent on a public network where the data may be either private or sensitive. Encrypting the message is one possible method.

Encryption of data results in an encoded message that no longer appears meaningful. Decryption reverses process. Encoding techniques may be as simple as using character substitution or transposition. More sophisticated methods employ the use of one or two keys as part of the encoding algorithm. A key can be thought of as being similar to a password.

With the single key method, we use the same key to both encrypt and decrypt the message. Probably the best known single key encryption process is the Data Encryption Standard (DES).

With the dual or public key method, two matched keys are calculated; one is used to encrypt and the other to decrypt. We keep one key private and under high security. The other key, however, you post as public for use by all. A sender of a message would obtain the receiver's public key and use it to encrypt the message. Upon receipt of the message, the receiver would use his private key to decode it.

Usually, the sensitivity of information in electronic form determines the need for encryption for storage or transmission. This applies to both company and client information. Also consider the cost and performance in processing and transmitting the information.

The sources of the risk threat are the intelligence gathering agencies of foreign governments and private U.S. or foreign organizations. Since encryption counters the threat, the ability to decipher the message or file content grows as well. This is due to the increased availability of cost-effective computer power. Therefore, given the current state of affairs, use due care in deciding whether or not to transmit ANY information electronically via telephone, fax, video, computer networks, etc. Since encryption provides some level of protection, base the decision to use it  on business needs.

Confidential information with a low business impact if it were compromised, may be sent electronically. In general, distribute sensitive or classified information by alternate means.

TrainingKeeper Software. Keep, organize and plan all your employees' training and activities. Software includes multi-user support with reports, certs, and calendars.

TrainingKeeper Software

Prevent Attacks on Computer Security with Offsite Storage

To prevent attacks on computer security utilize offsite storage.

The answer is: "the trunk of your car, your desk drawer, and your briefcase."... What's the question?... Name three locations that do not prevent attacks on computer security. For many of us, these have become convenient backup storage locations. If you ask most people to show you their PC backups, they reach for their desk drawer, that is if they have any at all.

Off-site storage keeps the data safe and available for recovery at a location away from the primary location, as a protective measure. Then, if a disaster destroys the primary location, you can recover the data from the off-site storage location.

The strategy for arranging for business off-site storage involves the following:

  • Select an off-site storage facility.
  • Establish procedures to manage and control the rotation of backups to and from the off-site storage facility.
  • Move backups off-site following a planned schedule.

Follow these guidelines for quality off-site storage:

1.) Identify an off-site facility that has the following characteristics:

  • Separate location from the primary location (it is recommended that the location be at least 25 miles away) to prevent a disaster from affecting both sites.
  • Controls for temperature, humidity, and fire protection.
  • Accessible 24 hours a day, 7 days a week to authorized personnel.
  • Secure access controls.
  • Capability to rotate backups to both primary and alternate processing locations.
  • Bonded employees.
  • Electrical power backup.

2.) Document the following:

  • Methods for identifying disaster recovery backups.
  • Method for transportation to the storage facility.
  • Process for rotation / retention.
  • Personnel that have authorized access.
  • Obligations for nondisclosure of backup data.
  • Shipping and receiving schedules.
  • Length of storage contracts.
  • Cancellation provisions.

3.) Define procedures to be followed at the off-site storage facility during normal, non-disaster periods.

4.) Define procedures to be followed at the off-site storage facility during a recovery operation. Equally important is having good backup procedures. They essentially ensures that you capture critical company and customer data, as well as your own personal data. Every employee's responsibility must backup data necessary for the recovery of their job functions.

To prevent attacks on computer security, consider the below listed items for backing up and moving to an off-site location:

  • Personal files or PC diskettes containing critical data.
  • Phone lists (customers, employees, vendors).
  • Financial documents.
  • Any documents or manuals necessary to perform your job.

Your on-line Lean Six Sigma Certification. Course includes videos, reference materials, mobile app, quizzes and a certification test. Start studying today and get certified at your own pace.

Lean Six Sigma Certification

Clean Desk Club

This activity, natural for some and difficult for others, but we all should practice it to prevent attacks on computer security .

What is it? It concerns how we utilize our work space while at work, and how we leave our work space when we go home for the day or week-end. Which means while at work we should be conscientious regarding sensitive electronic equipment in our work space, and we should clear our workspaces prior to leaving for the day.

Most companies encourage a clean desk policy throughout. They make it required in areas of high information sensitivity. Take the following test to see if you qualify:

  • Do you keep media away from magnetic devices such as radios, video screens, telephones, AC power cords, metal detectors, and paper clip holders?
  • Do you avoid setting food or drinks in the immediate vicinity of your PC media?
  • Are your PC cables and power cords covered or cared for, to ensure they are not damaged or are not a hazard?
  • Do you avoid taping items or using glass cleaners on the CPU monitor screen? (This could damage the antiglare coating).
  • Are combustible materials, such as flammable solvents or cleaning fluids, near microcomputers stored safely?
  • At the end of a working day, are all loose papers and materials removed from desks and placed in the drawers, cabinets, and lockers provided. These should be locked and the keys removed for safe keeping.
  • PCs and video display units should be switched off and, if practical, these units should be locked and the keys removed. Any other power equipment that is no longer required should also be switched off.

Complying with a clean desk policy results in a more professional looking environment, and one that better safeguards the information and equipment in our care.

Your easy to edit ISO 9001:2015 Quality Assurance Manual.

QA Manual

Disposal Of Computer Equipment

To prevent attacks on computer security you need to properly dispose computer equipment.

Most of us would not intentionally disclose sensitive company information to a competitor. Yet, with the proliferation of computers and electronic information exchange, the threat of unauthorized data falling into the wrong hands grows greater every day.

A single CD can contain a million pages of information, and today's standard personal computers are equivalent to a library. In the wrong hands, certain information could place your company at risk of loss of revenue, at risk of litigation, and/or at risk of embarrassment.

That is why proper handling and disposal of computer equipment and its associated information is so important to mitigate attacks on computer security. With old and new equipment changing hands every day, we must take additional precautions to ensure not to disclosed that sensitive information.

To prevent attacks on computer security before sending a PC off-site for repair, transfer, or disposal, remove any sensitive information. Simply erasing or deleting these files may not be enough because most of this information can be restored with any common undelete program.

To properly destroy all previously stored data on a hard drive so that the information is utterly irretrievable, you must low-level format the hard drive. This is recommended especially when transferring computer equipment.

Formatting is recommended when using media to pass along information to others. You should always format the media first, then copy your files onto the media. This ensures against accidental distribution of additional data previously stored on the media.

So let's not forget that when disposing of any computer equipment, all media should be formatted, demagnetized, and/or physically destroyed.

Employee Handbook Kit includes two Employee Handbook templates for Professional & Manufacturing. Includes an additional 22 policies and benefits templates.

Employee Handbook Policies & Benefits

Dumpster Divers

People known as "Dumpster Divers", go through dumpsters looking for information about their competitors. They wait for people to be careless.

To prevent attacks on computer security we most often overlook waste disposal.

We spend a lot of time and money protecting our information while it resides in the computer, but do not think about protecting it once it is out on other media.

All sensitive information should be classified, appropriately labeled, and controlled according to its degree of sensitivity.

Most companies have an employee handbook or an Employee Code of Conduct that states "no sensitive information shall be disclosed to non-employees without due authorization." In addition, such information should not be disclosed even to other company employees unless establishing a need to know basis.

When no longer requiring sensitive information including information given to third parties, it must be disposed of appropriately. Appropriate methods include shredding or incinerating. Do not dispose of sensitive material in the office trash or recycling bins. Follow these guidelines to prevent attacks on computer security:

  • Media should be shredded, crushed, demagnetized, or otherwise physically destroyed.
  • Telephone directories should be shredded or incinerated.
  • Outdated manuals, documentation, and procedural guides should be handled in the same manner as any sensitive materials.
  • Paper should be disposed of by shredding, pulping, pulverizing, or burning.
  • Ribbons should be recycled sufficiently to make the information unreadable.
Comment Box is loading comments...

> >



Quality Assurance Solutions
Robert Broughton
(805) 419-3344
USA
email

Unique QA Products

All Products

Software, Videos, Manuals, On-Line Certifications

8D Manager

Corrective Action Software

Snap Sampling Plans!

AQL Inspection Software

TrainingKeeper Software

Plan and Track Training

StreamLiner Software

Lean and Continuous Improvement



Statistical Process Control

Training Video

ISO 9001:2015 QA Manual

Editable Template

ISO 9001 Calibration Manual

Editable Template

ISO 9001:2015 QMS Kit

Templates, Guides, QA Manual, Audit Checklists

On-Line Accredited Certifications

Six Sigma, Risk Management, SCRUM

All Products

Software, Videos, Manuals, Training Material


Please Recommend Us!

submit to reddit