The IT Admin’s Checklist for Office-Wide Security
By Chris BrunauInformation Technology administrators know the value of computer security. Communicating that value to your end users, however, can often prove to be a challenge. Remember, every security best practice is a trade-off between convenience and safety. Users who don’t understand the stakes involved in computer security won’t often give up their convenience. Here are a few key aspects of computer security that all IT admins should teach their users.
- Password Security: Short passwords that contain obvious words are easier for hackers to guess. Hackers can simply try any of the most common passwords first and, if that fails, they just use a program that tries random words or common sequences of numbers. When that fails, hackers try random series of letter and numbers. The longer and less common your password, the harder it is for hackers to guess. Most people choose short, simple, obvious passwords because they are easy to remember. Long, complicated passwords are harder to guess, but are also harder to remember. That’s why you shouldn’t use a password; you should use a passphrase.
- Email Security: Email attachments are the easiest way for hackers to infect your computer—and your company—with malicious software. Always scan email attachments before you open them—even in emails from people you know. Just because that email appears to be from your sales manager John Doe, that doesn’t mean it’s really from him. Hackers can “spoof” email addresses to make them look like they came from someone else. Hackers could also have hacked John’s email account and are using it to send dangerous attachments. Or—and this is very common—John could simply be a lot less careful than you are and he is unknowingly passing around an infected attachment, putting everyone else at risk.
- Network Security: A WiFi access point named “Free Hotel WiFi” or “Conference Center Guest” or “Coffee Shop Network” might not be provided by the hotel, convention center or cafe. Anyone can create a WiFi access point with that name. When you connect to a WiFi access point that doesn’t require a passcode, the traffic between your device and the access point won’t be encrypted. That means anything you do while connected to this WiFi network can be easily seen by others. Your usernames and passwords might be intercepted and viewed by a snoop scanning local WiFi traffic