Carlton’s Security Checklist for Corporate Computer Systems

 

Presented below is a detailed list of security measures that you should consider taking to safeguard your company data and computer systems.

 

Physical Security Measures

 

*      Make sure that your building is physically secure against intruders and theft; every other measure on this list assumes an attacker cannot simply walk in.

*      Install extra window locks and door locks.

*      Consider hiring a building guard.

*      Install key entry systems that monitor and record employee access.

*      Lock the internal rooms that house file servers and network equipment so that only authorized staff can reach them.

*      Make sure that appropriate fire prevention and suppression measures are in place.

*      Install UPS systems to protect against power outages.

*      Install surge protectors to protect against power surges.

*      Replace surge protectors regularly (they wear out after absorbing surges), and replace UPS batteries or units as needed.

*      Use computer locks to bolt computers to desks and tables.

*      Use computer locks to protect laptop computers when traveling.

 

Password & Encryption Measures

 

*      Require all users to password protect their computer systems at the boot level (a BIOS or power-on password).

*      Require all users to log on to their operating system with a password-protected account.

*      Require all users to obtain digital IDs (certificates) so that e-mail can be signed and encrypted, and require encryption for any e-mail that carries sensitive data.

*      Require all users to password protect sensitive documents.

*      Enable the strongest password settings your accounting system supports (length, complexity, expiry and lockout after repeated failed attempts) to prevent unauthorized access.

*      Require all users to change their passwords periodically, and immediately if a compromise is suspected.

*      Require long passwords (for example, 12 or more characters) containing a mix of upper- and lower-case letters, numbers and punctuation, and reject dictionary words and the user's own name.

*      Require users to use a different password for every system and account, so that one compromised password does not open everything else.
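
The following Python script is an added example (it is not part of the original checklist) of how the password rules above can be enforced at the point where a password is set: it checks length, character mix, the user's own name and a few common words, and it detects reuse across systems by re-hashing the candidate under each stored salt. The minimum length of 12, the character classes, the iteration count and the short word list are assumptions chosen for the example; substitute your own policy and a real dictionary.

```python
import hashlib
import hmac
import os
import re

# Policy values are assumptions for this example; the checklist asks for
# "long" passwords with a mix of letters and numbers, changed periodically.
MIN_LENGTH = 12
REQUIRED_CLASSES = (
    (r"[a-z]", "a lower-case letter"),
    (r"[A-Z]", "an upper-case letter"),
    (r"[0-9]", "a digit"),
    (r"[^A-Za-z0-9]", "a punctuation character"),
)
# Constructed stand-in for a real wordlist.
COMMON_WORDS = ("password", "letmein", "welcome", "qwerty")


def check_password_policy(password, username=""):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for pattern, description in REQUIRED_CLASSES:
        if not re.search(pattern, password):
            problems.append(f"missing {description}")
    if username and username.lower() in password.lower():
        problems.append("contains the user name")
    for word in COMMON_WORDS:
        if word in password.lower():
            problems.append(f"contains common word '{word}'")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). Store these, never the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def reused_elsewhere(password, stored):
    """Names of the systems in `stored` ({system: (salt, digest)}) that already use `password`.

    Each entry has its own salt, so the candidate must be re-hashed under every
    salt; comparing stored digests with each other would never reveal reuse.
    """
    hits = []
    for system, (salt, digest) in stored.items():
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            hits.append(system)
    return hits


if __name__ == "__main__":
    existing = {"accounting": hash_password("Ledger-2024-xyz")}
    for pw in ("short1A", "Ledger-2024-xyz", "Tr0ub4dor&3xyz"):
        print(pw, check_password_policy(pw, "alice"), reused_elsewhere(pw, existing))
```

The reuse check only works if the component that sets passwords can see the stored hashes of the other systems, which is rarely the case across separate products; where it cannot, the rule in the checklist has to be enforced by policy and user education rather than by code.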

 

Back Up Measures

 

*      Create a boot/recovery disk for each computer system, and refresh it periodically (monthly), so that the system can be started and restored if the operating system will not boot.

*      Back up all company data, including data files and e-mail, to a central backup set daily.

*      Keep a copy of the daily backup of all company data off site.

*      Back up each computer system daily.

*      Keep a back up of each computer system offsite.

*      Run a system imaging program (such as the one from Columbia Data Products) so that an entire system can be restored from an image rather than rebuilt by hand.

*      Use only current hardware systems and components which can be replaced quickly if necessary.

*      Rotate backup media regularly. Retire older media to offsite permanent back up and introduce new media regularly.

*      Use a grandfather/father/son rotation (monthly, weekly and daily backup sets) so that several generations of backups exist at any time and a corrupted file is not simply copied over the only good copy.

*      Verify backups: read them back, compare checksums against the source, and periodically perform a test restore. A backup that has never been restored is not known to work.
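
As an added example that is not part of the original checklist, the Python below covers the last two items: it assigns each calendar day to a grandfather/father/son set and labels the medium for that day, and it verifies a backup by comparing SHA-256 checksums file by file. The schedule (backups Monday to Friday, the last working day of the month as the grandfather, other Fridays as the father, the rest as sons) and the label format are assumptions for the example; the checklist names the scheme but not its calendar.

```python
import hashlib
import os
from datetime import date, timedelta


def is_last_working_day_of_month(day):
    """True if no later Monday..Friday falls in the same month."""
    d = day + timedelta(days=1)
    while d.month == day.month:
        if d.weekday() < 5:
            return False
        d += timedelta(days=1)
    return True


def rotation_set(day):
    """Backup set for the given day under the schedule assumed in this example:
    'grandfather' on the last working day of the month (retired off site permanently),
    'father' on every other Friday (kept for a month), 'son' on every other working
    day (overwritten the following week). Weekends produce no backup (None).
    """
    if day.weekday() >= 5:
        return None
    if is_last_working_day_of_month(day):
        return "grandfather"
    if day.weekday() == 4:
        return "father"
    return "son"


def media_label(day):
    """Label to write on the tape or disk used that day, so that the right medium is
    mounted and an older generation is not overwritten by mistake."""
    kind = rotation_set(day)
    if kind is None:
        return None
    if kind == "son":
        return f"son-{day:%a}"
    if kind == "father":
        return f"father-W{(day.day - 1) // 7 + 1}"
    return f"grandfather-{day:%Y-%m}"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_backup(source_files, backup_files):
    """Compare a backup against its source by checksum.

    Both arguments map a file name to its contents (bytes). Returns a list of
    (name, problem) tuples; an empty list means every source file is present in
    the backup with identical contents.
    """
    problems = []
    for name, data in source_files.items():
        if name not in backup_files:
            problems.append((name, "missing from backup"))
        elif sha256_hex(backup_files[name]) != sha256_hex(data):
            problems.append((name, "checksum mismatch"))
    return problems


def read_directory(root):
    """Load every file under root into the {relative path: bytes} map that
    verify_backup() expects, so a real source and restore folder can be compared."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            full = os.path.join(dirpath, n)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return files


if __name__ == "__main__":
    for d in (date(2024, 3, 20), date(2024, 3, 22), date(2024, 3, 29), date(2024, 3, 23)):
        print(d, rotation_set(d), media_label(d))
    # Constructed sample data: one file restored intact, one corrupted.
    source = {"ledger.xls": b"balance 100", "mail.pst": b"hello"}
    restored = {"ledger.xls": b"balance 100", "mail.pst": b"hellp"}
    print(verify_backup(source, restored))
```

Reading files back into memory is fine for a small office share; for larger sets, hash files as they stream from the backup medium and compare the hashes rather than the contents, and still do the occasional full test restore onto spare hardware, because a checksum only proves the bytes match, not that the restore procedure works.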

 

Operating System, System Settings and Program Updates

 

*      Only run operating systems that provide real user-level security, such as Windows 2000 or Windows XP (Windows 98 does not: it has no enforced user accounts or file permissions), and retire any version the vendor no longer patches.

*      Update your operating system frequently for the latest security patches. If your operating system supports it, enable the automatic update capabilities.

*      Update your e-mail system frequently for the latest security patches.

*      Update your internet browser frequently for the latest security patches.

*      Update your application programs frequently for the latest security patches.

*      Establish minimum browser security settings for all users (for example, for downloading files, running active content and accepting cookies).

*      Configure your browser’s content advisor to curtail access to inappropriate web sites.

*      If you use Windows 2000 or Windows XP Professional, enable auditing of logon events and review the Security Event Log frequently, looking for logons at odd times and for runs of failed logons against one account.

*      All software products should be registered to receive product alerts.
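
The Python below is an added example, not part of the original checklist, of the two event-log checks just described, run over a constructed tab-separated export of logon events (timestamp, event ID, account, computer). The event IDs are the ones the Windows 2000/XP security log uses for logons (528 and 540 for successful interactive and network logons, 529 for a failed logon with a bad user name or password); the accounts, hosts, business hours of 07:00 to 19:00, and the burst threshold of three failures in five minutes are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: timestamp, event ID, account, computer, tab-separated.
SAMPLE_LOG = """\
2003-04-14 08:02:11\t528\tCORP\\jsmith\tWORKSTATION-12
2003-04-14 12:30:45\t540\tCORP\\mlee\tFILESRV01
2003-04-14 23:47:03\t528\tCORP\\jsmith\tFILESRV01
2003-04-15 02:15:22\t529\tCORP\\admin\tFILESRV01
2003-04-15 02:15:30\t529\tCORP\\admin\tFILESRV01
2003-04-15 02:15:38\t529\tCORP\\admin\tFILESRV01
2003-04-15 02:15:46\t529\tCORP\\admin\tFILESRV01
2003-04-15 02:16:01\t528\tCORP\\admin\tFILESRV01
2003-04-13 10:05:00\t528\tCORP\\tchen\tWORKSTATION-07
"""

# Windows 2000/XP security log: 528/540 successful logon, 529 failed logon.
SUCCESS_IDS = {528, 540}
FAILURE_IDS = {529}


def parse_events(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, user, host = line.split("\t")
        events.append({
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "event_id": int(event_id),
            "user": user,
            "host": host,
        })
    return events


def odd_hour_logons(events, start_hour=7, end_hour=19):
    """Successful logons on a weekend or outside the assumed business hours."""
    findings = []
    for e in events:
        if e["event_id"] not in SUCCESS_IDS:
            continue
        if e["time"].weekday() >= 5:
            reason = "weekend"
        elif not (start_hour <= e["time"].hour < end_hour):
            reason = f"outside {start_hour:02d}:00-{end_hour:02d}:00"
        else:
            continue
        findings.append((e["user"], e["time"].isoformat(), reason))
    return findings


def failed_logon_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Accounts with at least `threshold` failed logons inside one `window`, and
    whether a success followed within the window (the signature of a guessed password)."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["event_id"] in FAILURE_IDS:
            failures[e["user"]].append(e["time"])
        elif e["event_id"] in SUCCESS_IDS:
            successes[e["user"]].append(e["time"])
    findings = []
    for user, times in failures.items():
        best = None
        j = 0
        for i in range(len(times)):            # sliding window over sorted failure times
            j = max(j, i)
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, times[i], times[j])
        if best is None:
            continue
        count, first, last = best
        followed = any(first < t <= last + window for t in successes[user])
        findings.append({"user": user, "failures": count, "first": first.isoformat(),
                         "last": last.isoformat(), "followed_by_success": followed})
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for f in odd_hour_logons(evs):
        print("odd-hour logon:", f)
    for f in failed_logon_bursts(evs):
        print("failed-logon burst:", f)
```

A burst of failures followed by a success against the same account is the case to treat as an incident rather than a curiosity; the odd-hour list, by contrast, needs a human who knows which staff legitimately work late or remotely.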

 

Anti-Virus Measures

 

*      Run anti-virus software with real-time (on-access) scanning on each computer system.

*      Update all anti-virus software regularly.

*      Establish a policy that anti-virus software is to remain active at all times.

*      Set anti-virus software to automatically scan all incoming mail and attachments.

*      Set anti-virus software to automatically download virus signature file updates.

*      Set anti-virus software to automatically scan your computer system regularly.

 

 

Personnel Policies

 

*      Have users sign a letter acknowledging that internet access is restricted to business purposes only.

*      Expressly forbid employees from access to pornography sites with company provided computer systems and internet access.

*      Inspect employee computers regularly for evidence of inappropriate internet access or spamming.

*      Advise employees that the company retains the right to read any and all e-mail.

*      Scan all e-mails regularly to identify inappropriate communications.

*      Advise employees not to install unlicensed software on company computers.

*      Advise employees not to install company software on personally-owned computers.

*      Advise employees not to allow family members or others access to laptops.

*      Advise employees that children and teenagers are not permitted unsupervised use of company provided Internet access at home.

*      Make sure to include a security section in the corporate policies manual.

*      Audit employee computers regularly to search for unlicensed software.

*      Advise employees to use their business e-mail address for business related purposes only, and to avoid supplying email addresses to potential spammers via instant messaging or chat room registration.

*      Advise employees to enter credit card numbers only on secure (SSL-encrypted) web sites, shown by an https:// address and the browser's padlock icon.

*      Advise employees to protect sensitive data concerning online payment accounts and banking identification numbers.

*      Advise employees to take reasonable measures to verify the authenticity of important web sites and e-mail addresses before using them for company purposes. If necessary, check with eTrust or BBBonline first. You may also telephone the company or person to help determine legitimacy.

*      Advise employees to always read privacy policies before providing information over the internet.

*      Accounting personnel should scan statements for any unrecognized charges, no matter how small. These small charges could be criminal tests for larger charges to come.

*      Employees should be advised not to open unrecognized e-mail attachments.

*      Advise employees to be wary of attachments even when forwarded by senders they recognize, since worms mail themselves from infected address books. They should save attachments to the hard drive first so the anti-virus software can scan them before opening.

*      Advise employees not to play games online, especially if they involve downloading a program.

*      Advise employees not to download illegal copies of music or movie clips to company computer systems or using company provided internet access.

*      Advise employees to avoid internet-based peer-to-peer networking sites (often used for live video chat or file swapping).

*      Advise employees not to share diskettes used at school or by other companies.

*      Advise employees to immediately report computers that slow down, large amounts of unexplained modem or hard drive activity, or any other unusual behavior in their computer system.

 

 

Firewall Measures

 

*      Install a firewall device in front of your company’s internet connection.

*      Install a firewall device in front of any home internet connection that is used for company work.

*      Make sure that your firewall blocks unauthorized inbound access by default, can detect and mitigate denial of service attacks, and preferably also scans for viruses and filters inappropriate web sites.

*      Update your firewall software regularly with the latest security patches.

*      Review firewall logs regularly for signs of attack, such as one source probing many ports on a host, one source trying the same port across many hosts, and repeated denied connections from the same address.
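
As an added example that is not part of the original checklist, the Python below runs the log review described above over a constructed firewall log (one line per connection attempt: time, action, protocol, source, destination). It flags a vertical port scan (one source, many ports on one host), a horizontal sweep (one source, one port across many hosts) and the sources with the most denied connections. The log format, the addresses (documentation ranges) and the thresholds of 8 ports and 5 hosts are assumptions for the example; adapt the regular expression to your firewall's own log format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log: a port scan from .45, a port-445 sweep from .77,
# and ordinary traffic from .10. Addresses are from documentation ranges.
SAMPLE_FIREWALL_LOG = """\
2003-04-14 02:11:05 DENY TCP 203.0.113.45:51234 -> 198.51.100.7:21
2003-04-14 02:11:05 DENY TCP 203.0.113.45:51235 -> 198.51.100.7:22
2003-04-14 02:11:06 DENY TCP 203.0.113.45:51236 -> 198.51.100.7:23
2003-04-14 02:11:06 DENY TCP 203.0.113.45:51237 -> 198.51.100.7:25
2003-04-14 02:11:07 DENY TCP 203.0.113.45:51238 -> 198.51.100.7:80
2003-04-14 02:11:07 DENY TCP 203.0.113.45:51239 -> 198.51.100.7:139
2003-04-14 02:11:08 DENY TCP 203.0.113.45:51240 -> 198.51.100.7:443
2003-04-14 02:11:08 DENY TCP 203.0.113.45:51241 -> 198.51.100.7:445
2003-04-14 02:11:09 DENY TCP 203.0.113.45:51242 -> 198.51.100.7:1433
2003-04-14 02:11:09 DENY TCP 203.0.113.45:51243 -> 198.51.100.7:3389
2003-04-14 03:40:12 DENY TCP 203.0.113.77:4410 -> 198.51.100.2:445
2003-04-14 03:40:12 DENY TCP 203.0.113.77:4411 -> 198.51.100.3:445
2003-04-14 03:40:13 DENY TCP 203.0.113.77:4412 -> 198.51.100.4:445
2003-04-14 03:40:13 DENY TCP 203.0.113.77:4413 -> 198.51.100.5:445
2003-04-14 03:40:14 DENY TCP 203.0.113.77:4414 -> 198.51.100.6:445
2003-04-14 03:40:14 DENY TCP 203.0.113.77:4415 -> 198.51.100.7:445
2003-04-14 09:15:30 ALLOW TCP 192.0.2.10:3344 -> 198.51.100.7:25
2003-04-14 09:16:02 DENY UDP 192.0.2.10:1029 -> 198.51.100.7:161
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>ALLOW|DENY) "
    r"(?P<proto>TCP|UDP|ICMP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_firewall_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # skip blank or unexpected lines rather than crash
            continue
        e = m.groupdict()
        e["sport"] = int(e["sport"])
        e["dport"] = int(e["dport"])
        events.append(e)
    return events


def port_scans(events, min_ports=8):
    """One source probing many different ports on one host (vertical scan).
    Returns (source, destination, distinct port count) tuples."""
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["dst"])].add(e["dport"])
    return [(src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= min_ports]


def host_sweeps(events, min_hosts=5):
    """One source trying the same port on many hosts (horizontal sweep, typical
    of worms). Returns (source, port, distinct host count) tuples."""
    hosts = defaultdict(set)
    for e in events:
        hosts[(e["src"], e["dport"])].add(e["dst"])
    return [(src, port, len(h)) for (src, port), h in hosts.items() if len(h) >= min_hosts]


def top_denied_sources(events, n=5):
    """Sources with the most denied connections, most active first."""
    counts = Counter(e["src"] for e in events if e["action"] == "DENY")
    return counts.most_common(n)


if __name__ == "__main__":
    evs = parse_firewall_log(SAMPLE_FIREWALL_LOG)
    print("port scans:", port_scans(evs))
    print("host sweeps:", host_sweeps(evs))
    print("top denied sources:", top_denied_sources(evs, 3))
```

The counts here are taken over the whole log; on a real firewall, bucket the events by hour or day before counting, so that a slow scan spread over a week is still caught while a month of unrelated probes from one busy address is not mistaken for one.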

 

Identity Theft

*      Advise employees to be alert to identity theft by reviewing their accounts online frequently to spot unauthorized transactions, and by reviewing all monthly statements for unauthorized activity.

*      Advise employees to call the account issuer if they do not receive a monthly statement in the mail, since a missing statement can mean the mailing address was changed by someone else.

*      Advise employees to obtain credit checks annually to see if anyone has opened a new account in their name.