Viruses, Spyware, and Your Business
Date: 2010-02-08 12:14:50
Protecting your employees, computers, and systems from virus and spyware threats takes more than just running anti-virus software. Like an onion, your protection should have layers.
• Client Software
• Server Software
• Central Administration
• Network Monitoring
• Incident Response
As a general rule, you and your employees should not log in to your computers day to day as Administrators. By default, when you set up new accounts in Windows, the Computer Administrator option is selected. Initially this isn't a bad thing: each employee manages his or her own computer. The problem with logging in to and using your computer as the Administrator every day is that if a virus or bad piece of software comes through email or the Internet, you are running it as the Administrator of the machine. That gives it full run of the computer.
Limiting employees (and yourself) to the Power User or Limited User role will help protect your computers. The trade-off for this security is some inconvenience when it is time to update or add new software. Some old programs do not like running as a limited user either. Create an Administrator account and use it sparingly to deal with these situations.
Client software like Norton, McAfee, or AVG helps protect the individual computers. These products require frequent updates to make sure they have the latest anti-virus signatures, and they can be set to download and update automatically. Scanning the computers on a regular basis, such as once a day or a couple of times a week, is wise. Do not forget to update Windows and Office at www.update.microsoft.com/microsoftupdate. Running a local software firewall like Windows Firewall or even Norton 360 is also a good idea.
Use the server versions of Norton and McAfee to protect your file/print servers. There are also mail server versions of anti-virus and spam software to ensure your email is safe too. Be sure to update all your servers with the latest patches and service packs. Review the audit logs on a routine basis. Also, remove or shut down unused services and ports that could become a target. If you aren't using the server for email or web pages, make sure those services or ports aren't running.
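One way to check a server for mail or web listeners it should not have, as an added example that is not part of the original article. It parses `netstat -ano` output; the sample output is constructed, and the port-to-role mapping (standard SMTP/POP3/IMAP and HTTP/HTTPS ports) and the function names are assumptions of this example.

```python
# Well-known TCP ports grouped by the server role that legitimately needs them
# (assumed mapping for this example; extend it for your own environment).
ROLE_PORTS = {
    "email": {25, 110, 143, 465, 587, 993, 995},
    "web": {80, 443},
}

# Constructed sample of Windows `netstat -ano` output from a file/print server.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:51234     192.168.1.20:445       ESTABLISHED     4
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    900
"""

def listening_ports(netstat_text):
    """Return {port: set of PIDs} for every TCP socket in the LISTENING state."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers, UDP rows and blanks do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rsplit keeps IPv6 addresses such as [::]:80 intact.
        port = int(fields[1].rsplit(":", 1)[1])
        found.setdefault(port, set()).add(fields[4])
    return found

def unexpected_listeners(netstat_text, server_roles):
    """List (role, port, pids) for email/web ports open on a server without that role."""
    open_ports = listening_ports(netstat_text)
    findings = []
    for role, ports in ROLE_PORTS.items():
        if role in server_roles:
            continue  # this server is meant to offer the service
        for port in sorted(ports & set(open_ports)):
            findings.append((role, port, sorted(open_ports[port])))
    return findings

if __name__ == "__main__":
    for role, port, pids in unexpected_listeners(SAMPLE_NETSTAT, {"file", "print"}):
        print(f"Unexpected {role} listener on TCP {port} (PID {', '.join(pids)})")
```

The PID column lets you match each flagged port to the service that opened it before you disable that service.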
Both Norton and McAfee have Enterprise Administration products. These tools let you manage the signature updates and scan settings, and watch for virus outbreaks, from one central console. This is very handy when your business and employee numbers start to grow. These tools can identify computers that need anti-virus updating or show which computer may already have a virus. This lets you target your resources at fixing problems before they spread to the other computers. Software like Microsoft System Center can identify and patch computers as soon as the updates are available.
As your business scales upward, so should your layers of security to protect your employees and systems. Software like Snort can be configured to watch the network traffic and identify trends or spot incoming threats in real time. Pair it with other scanning products like Microsoft Baseline Security Analyzer, System Center, Nessus, Shavlik’s NetChk, etc. These can be used to scan and monitor the network and will round out your arsenal of protection. At this point a firewall or proxy server is probably a good idea too. Both systems can help reduce how much of your company’s network is visible to the world and assist in monitoring what is happening inside your network.
Do you or your employees know what to do if they get a virus? Having a plan to walk through the steps is critical to saving valuable data and time. Don’t ignore a problem; viruses don’t go away by themselves. Just leaving the computer alone can infect the surrounding machines or simply cause too much hassle and downtime for that employee. But how do you know if a computer has a virus? Microsoft has a quick checklist: KB 129972. It lists things like: the computer runs slower than usual, the computer stops responding or locks up frequently, or the computer crashes and then restarts every few minutes. One of the first steps is to identify the problem. You can’t fix it if you don’t know about it. Then decide if the problem is critical. Can it wait until later? Is the employee or computer essential to business operations? How many resources should be thrown into fixing the problem? And don’t forget to document the problem and the fix action. Lessons learned from each problem resolution can often be applied to future issues and speed up their correction.
Managing one or two employees and computers needn't be too difficult. But as your business grows so does the complexity of the computing environment. Don’t lose money by ignoring problems that may get bigger and more troublesome.
This article is intended as a simple overview to show how complex an environment can get. If you would like more information, please contact me. I am more than happy to provide assistance or further details.