A 12 STEP PROGRAM TO SECURING YOUR SMALL-TO-MEDIUM SIZE BUSINESS: STEP 5
This is the fifth in a series of twelve articles written Orthus non-technical managers of small and medium-sized businesses, operating in smaller networks, and may not have developed an internal IT department.
Step 5 to remove the unused software and user IDs; Clean all equipment exchanged
Cost: Minimal – No additional investment
Technology skill level: Low to medium
Participants: Technical support
Why is it?
IT systems provided countless options, many of which you may never use. The installation is designed to be easily and safety, so that functions which are major safety concerns are often in use, such as remote file sharing.
The software, which is no longer used are not valid and should be deleted from computer systems, so that it can not be used in the way attackers to damage the system.
Each user computer system should have a unique account that limits access to data and software they need to do their work (see step 1). When they leave, or change the features, capabilities to be discontinued or amended to reflect the new jobs. Standard management techniques such as separation of duties must be incorporated into the electronic environment to limit the risk of causing harm to one person in the business.
A huge amount of information can be stored in disk drives, and this information is not deleted when the files are removed. Additional information stored in the temporary files to use the software on computers. Anyone can search the data by opening the disk through another computer. Devices that have been removed and repurposed, abandoned, sold or given away, disk space must be on top in order to avoid sharing confidential and sensitive information.
If it is not in the way, I can not just leave alone?
Unused software and user IDs are not the same kinds of books to collect dust from the coffee table. Everyone has the opportunity to give the attacker access to the facility. An attacker can access confidential data such as credit cards and the names of customers and damage and destroy files and programs. Attackers can also use the systems base to attack others, and these victims can sue you if their losses are high.
Control of access to computing should be treated as carefully as cash, since the loss of important information can be equally damaging to business as the loss of money. If the dormant accounts belonged to former employees, they can keep the existing business and steal or destroy sensitive information continue to use the system to use.
As you update the device, the recorded data is replaced by the machine does not go away. Utilities are available to restore deleted files and formatted data sheets.
Getting started
Remove the proportion of terminated employees, when they leave. When firing someone, remove the computer before you use it to organize and communicate them to follow when they are the starting point.
Create policies, programs that can not install the company’s computers (eg, games, download software, music players, etc.).
Create a process to remove all data computer hard drive, if the device has been repurposed, discarded, donated, and sold. Use a utility to remove all data on the writing prohibition of all available disk space.
Additional steps
Uninstall the software is no longer available, and archive files that are no longer used. Less trouble is easier to manage system backups and maintain the system software update levels.
Although it may be convenient, it is very dangerous to rely on the seller’s default values for the system. The default options are attractive targets for attackers – the probability of availability is high, because most installers selected by default.
Reduce the visibility of the target explicitly select only the computer functions needed during installation. If you do not know what the task is, check with the information and make sure it is something you need before starting. A bit of time at the beginning can save you big problems later.
