May 24 2011

5 Ways to Reduce IT Risk

Build these basic guidelines into your user training to reduce IT risk.

Successful IT departments are staffed with people who never stop learning. Most started with Computing 101 and broadened their skill sets from there, each working to master their respective specialties. But it's easy to forget that not every user has taken Computing 101, and all too often IT equips them with computers while not giving them the information they need to stay out of trouble.

Malware attacks, virus outbreaks and crippled networks cost organizations an exorbitant amount of money each year. Every one of these disasters started with a single compromised machine. In an effort to mitigate risk and prevent the preventable, ensure that these five basic guidelines are part of your organization's new-user training.

1. Avoid Installing Unsupported Software

Such programs can degrade computer performance and may introduce network security risks. As a general rule, users should always avoid toolbars, download accelerators and unsupported programs that run in the system tray and update in real time.

2. Understand the Signs of Phishing Attacks and Other Suspicious E-mail

Most organizations go to great pains to filter unwanted junk, phishing and other malevolent e-mail, but even the best solutions will let an occasional bad one slip through. Ask users to be on the lookout for characteristics of suspicious e-mail and learn to discern what should and shouldn't be opened. Broken English?

An unexpected e-mail from someone you know with a strange subject line? When in doubt, contact the help desk before opening it. Most technicians would rather spend two minutes identifying a false alarm than two hours working to fix a compromised machine.

3. Perform Frequent Backups

Even though IT departments regularly back up user and group network shares, many users also save files to their workstation's hard drive – or worse yet, to a removable thumb drive. The convenience of always having these files available offline quickly becomes a nightmare the moment a drive is lost or a notebook is stolen. Don't keep files "local" for any longer than necessary, and back up all workstation data files to the network at least once weekly.

4. Treat Every Public Connection as Just That

Public wireless hotspots are a playland for identity thieves and other cyberfelons. Treat every public Wi-Fi network as though other users can see everything you're doing, because chances are, someone will be watching. Be vigilant in these situations and sparing in what you do, and always avoid making purchases over unsecured networks.

To encrypt sensitive data, use VPNs to perform work-related tasks such as checking mail and transferring files. If practical, tether with a mobile phone and skip the hotspot altogether. Though this will cause arguably slower performance, mobile networks tend to employ better security measures.

5. Stay on Top of Software Updates

Nobody likes having their work interrupted by the ubiquitous "update available" pop-up, and it can seem overwhelming when so many programs want to update – from Windows to a litany of browser plug-ins, readers, productivity suites and driver software. Unfortunately, this is a necessary evil.

These updates not only add stability enhancements, but are frequently released to address critical security concerns as well. Encourage users to install these updates as soon as they're prompted to do so.