Although security tools may help reduce risks, everyday activities by computer users in your office may compromise security. Find out what activities make your system vulnerable and take measures to avoid them.
 

Instant Messaging

Peer-to-Peer Networks and File Sharing

E-mail

Internet

Passwords

Any CPA knows the loss of a single key computer file can mean the loss of hours and hours of work – and possibly the loss of a valuable client. Protecting computers from viruses, hackers and other threats is critical, yet many people who think they are protected are actually still at risk.

Although security tools such as antivirus software, personal firewalls and intrusion detection tools greatly reduce security risks, they cannot completely protect a computer or network from attacks. Computer users themselves perform many simple, everyday activities that continually compromise the security of their computer networks and open vulnerabilities that can lead to devastating losses of important data, financial damage and exposure of confidential information. Worms, viruses and Trojan horses can inflict damage ranging from file deletion to stealing passwords and data. Consequences such as these can be very costly for accountants who regularly use their computers to perform their jobs.

Being informed about security issues is critical for protecting important data from unnecessary risk, which could have a direct impact on productivity, revenue and information security. The worst thing accounting firms can do is have a false sense of security just because they have taken steps to secure IT systems with technology. Individual computer users within these firms should be aware of common security mistakes and take measures to avoid them.

Instant Messaging (IM)

Instant messaging has become a staple for tens of millions of Internet users and can be an important tool for business and accounting communications. However, instant messaging can also present a variety of security vulnerabilities.

Most instant messaging systems, such as Microsoft’s MSN Messenger, America Online’s Instant Messenger, ICQ and IRC were designed for scalability rather than security. Virtually all free, consumer-oriented systems lack encryption capabilities and most have features to bypass traditional corporate firewalls, making it difficult for administrators to control their use inside an organization. Such programs that allow repeated file transfers can quickly and easily cause the spread of viruses, worms and Trojan horses.

The best protection against any threat spread through IM file transfers is to deploy up-to-date antivirus software on all desktop and laptop computers – preferably with protection for IM applications.

Peer-to-Peer Networks and File Sharing

Many peer-to-peer networks and file sharing programs such as Kazaa open a user’s computer to spyware that allows authors of the program and other network users to see what an employee is doing and where he or she is visiting on the Internet. Spyware intruders can even gain access to an employee’s computer resources without his or her knowledge. Downloading seemingly harmless files from file sharing networks is also a major threat as some worms and viruses can mask their file extensions as common music files.

Employees must be informed and responsible computer users. They should use caution when downloading files and remain wary of suspicious files that could possibly be infected.

E-mail

One of the biggest threats from computer worms and viruses comes through e-mail attachments. If an employee opens unsolicited e-mail attachments or does not scan attached documents for a virus before opening them, a computer or network becomes vulnerable to attacks.

Computer users should never open suspicious or unexpected e-mails or attachments. Antivirus software should be installed on each computer, including laptops, to help detect viruses in e-mail attachments. In addition, organizations should frequently update virus definitions that help identify and deal with viruses.

If firms rely solely on employees to keep their virus definitions updated instead of relying on a manageable enterprise antivirus solution that ensures policy enforcement and current updates, they risk infection even if they do scan for viruses before opening attachments. Without updated virus definitions, attachments with new and unrecognizable viruses may not be detected and malicious files may be unknowingly downloaded onto a computer.

Internet

While surfing the Internet may be a common pastime, computer users often download more than they anticipate.

Web surfing increases the opportunity of visiting sites that use ActiveX or Java computer languages. Most popular sites using these languages take security measures to protect visitors. However, these languages can be used to create malicious code that can communicate directly with a user’s machine and give hackers access to computer data – even an entire network. Downloading free software or screen savers from unknown sources also compromises a computer system as these files may mask a virus, worm or Trojan horse.

Computers with constant Internet connection such as DSL or cable are particularly susceptible to hacker attempts. This constant connection to large amounts of bandwidth allow for easier outside access to unprotected computers.

Firewalls can block unauthorized access to a computer and prevent unauthorized information from leaving a computer. In addition, intrusion detection software can alert the computer user when an attempt is made to gain access to the computer and its information.

Passwords

Computer files and networks are often protected by passwords as a security precaution, but weak passwords can be a major vulnerability and make it easy for unauthorized users to gain access to seemingly secure files or computers.

Choosing strong passwords is simple and costs nothing, so this practice should be consistently enforced among employees. Passwords should be six to eight characters in length and include letters, numbers and symbols. They should never be names, common words or important dates such as birthdays or anniversaries.

Employees should also be discouraged from sharing passwords. A carefree attitude toward password privacy can make it that much easier for an outsider to trick an employee into disclosing their password via phone or e-mail.

Leaving employees uninformed about security issues can expose an accounting firm to unnecessary risk that could have a direct impact on corporate revenue, workforce productivity and the costs of doing business.

Most firms spend a great deal of time and money to protect their networks from outsider threat, yet some of the most devastating threats to computer security have come from inside individuals who unknowingly opened computer networks to attack. It’s like leaving the windows or doors of a building unlocked, virtually inviting robbers to come in as they please.

Security technology alone cannot secure an organization. Ultimately, end-user actions can still compromise network security. All it takes is one careless, uninformed person to open a firm to unnecessary risk. Lack of understanding of general, safe computing practices and information system use is a common problem. The best protection, aside from security software that blocks common attacks, is well-informed employees and common sense.

About the Author

Tom Powledge is the director of product management for the Client and Host Security Division at Symantec Corp. Powledge works closely with the product development team to determine product strategy and analyze industry trends and customer needs. He is also responsible for competitive assessment, product positioning and pricing.

Top