ARTICLE: Ten Back to School Security Tips for Administrators

With the start of school around the corner, many IT administrators have to prep their environments for the hordes of students that will insist on downloading the entirety of the Internet. Interestingly enough, our employees sometimes feel that they should do the same.

While they may not necessarily be visiting unsavory sites, they are likely to visit a variety of other sites that will distract them from their learning or job responsibilities. So what should be done in preparation for the start of the school year (much of it at little to no cost), whether at the school or in the work environment?

1. Educate your users. This cannot be stressed enough. Even if the site is about flower arrangements, it may be enough to distract users and eat up precious resources. This means users should be reminded that the computer and the network that it uses are the property of the company or the school and should only be used explicitly for reasons related to that organization.

2. Remind users that all things may be public. Whether it’s where they surf or the emails and IMs they send or receive, it is all fair game and there is no expectation of privacy. Additionally, public social networking sites can be used to connect with colleagues outside of work, but users should apply common sense about what they post on those sites.

3. Ensure that there are firewalls in place not only to protect the corporate environment from attack (outside in) but also to limit what exits your network (inside out). It may be an innocuous gaming site, but there could be malicious scripts on it that piggyback on connections.

4. Anti-virus and malware detection tools should still be incorporated into any standard educational or corporate environment. Just because we haven’t heard of the latest attacks doesn’t mean that they don’t exist. New attacks are occurring and new attack vectors are being used. Take, for example, Facebook applications, which often grab as much info about a user from their cookies as they can, and there is no mechanism to check whether they grab other cookies as well.

5. Take the stance of “less is more” on user environments. In addition to firewalls, anti-virus and malware detection tools, the actual desktop should be hardened. NIST and the NSA still provide free hardening guides for the majority of systems. Remove what is unnecessary and only add the minimum of what is needed. If a user needs more, they will ask.

6. For those users that are mobile or heavily connected (the Blackberry crowd), invest in some simple laptop locks, Blackberry protective cases (like those from Otter) or other mechanisms. The Otter, I found, is great for klutzes like me at protecting my Blackberry when I drop it. You can use Roblock to track down lost or stolen Blackberries.

7. Take an inventory. It’s amazing how many companies let their laptops, Blackberries and other devices become property of individual employees. Asset tags and a simple asset tag database can work wonders. It’s important to keep track of those items as lost or wayward devices can add up to additional costs for a company. MyAssetTag.com may be a good site to visit to get such tags and they even have some for PDA/Smartphones.

8. Laptops and desktop LCDs should, by default, come with security screen filters. Laptops in particular should be outfitted with these. With researchers and executives on the road, it’s important to ensure that wandering eyes don’t steal proprietary intellectual property. Whenever a new laptop is issued, it should come with a decent security filter. (3M makes an excellent line of these.) With a bit of searching you can find some privacy screen filters for Blackberries and other such devices.

9. VPN tokens and the usage of VPN in general for all communications can help ensure that all sessions are protected. This may seem odd for a school to use but when an organization like Blizzard introduces it to improve security on its popular World of Warcraft online game, it’s definitely time to have it as a regular part of school or large organizational life. At $6.50 each, this is a cheap option to ensure that a person is a legitimate member of the community they are supposed to be a part of.

10. Send weekly notifications about viruses and ideas for protecting the company. The more informed an end-user is, the better it is for your organization. These don’t have to be in-depth, but they may be enough that users who access work from their home computers (since many companies are trying to employ telecommuting or 4-day work week options to save money) protect those machines as well.

Oh, look. We’ve ended back at education again.

More importantly, turn these into good habits and standardized processes. When you close the door to security threats, you get more done faster.

And that means less homework for everyone.