by Ted Saul

Computer security continues to be the number one concern for Information Technology managers throughout the world. The number of viruses for Windows continues to grow and even Apple has become a target for hackers. BOT infiltration is quadrupling year after year. Malware instances that perform everything from data mining to ad placement continue to grow at rates that are almost impossible to track. Starting the year out by reviewing your computer strategy is a good idea. Three high level goals that you will want to keep in mind as you design your security defense are prevention, detection and response.

Prevention – First, you want to keep security infractions from happening. Performing a review of the past year to see when failures have taken place is the first step. If not already established, set up measures to prevent the incidence from happening again. Other preventative steps include checking for lapses in anti-virus and firewall software as well as vulnerabilities caused by inconsistencies between computers. Keep in mind that one weak computer within your environment most likely will affect and infect the entire network. A final prevention step is to observe how well your staff knows and understands the security policies of the company. For example, a walk-through a work area should not uncover any passwords attached to monitors via post-its. (Hint, check under keyboards.)

Detection – Second, assess how well breaches of security were detected previously. How quickly did attempted intrusions get uncovered and in turn acted upon? How much damage or loss of data took place? Determine the amount of time that passed from when the break-in is detected to the time it is stopped. Also, make sure that logging tools used to monitor system security are reviewed regularly and archived accordingly. If these logs contain data for the entire year chances are they haven’t been used efficiently to detect attacks to your computer system.

Response – Thirdly, if an attack was successful last year what response took place? Ensure that you have up-to-date processes and procedures in place to handle serious invasions of the system. Keep pager and cell phone numbers of the security response team readily available for your staff. This team needs to know how to handle any security situation that may arise within the company. Also document what personnel is to be notified within the company including the CEO, CIO etc. Finally make sure there is a notification process in place for customers and clients if their privacy data has been compromised.

A final recommendation is to hire an outside company to perform a security assessment on your computer environment. Ethical hacking is a legitimate profession used by many large and small companies to examine all aspects of security including physical access, web access and employee training. The cost of hiring such consultants can easily outweigh the damage caused by one serious breach of security.

Ted Saul is a business consultant located in Murrieta, California. His expertise includes security and data protection on numerous platforms. He can be reached at This e-mail address is being protected from spambots. You need JavaScript enabled to view it "> This e-mail address is being protected from spambots. You need JavaScript enabled to view it , TWS787 on Twitter or on Linkedin.