As BYOD becomes an ever-more accepted part of the everyday scene in the work environment, some of the onus of responsibility for the overall security of any business or organisation shifts away from the IT department and onto the shoulders of individual staff. They have to take some responsibility for the security regime applied to whatever device they care to use.
This has come to the fore with the current anxieties over the threats posed by the GOZeuS and CryptoLocker trojans. One can only guess at the consequences if a system, infected at home during some idle evening web-browsing, then manages to infect a company environment.
So the Institution of Engineering and Technology (IET) has addressed the issue of what steps individuals need to take in order to maintain their own security and, possibly, the security of their employers’ systems. According to Hugh Boyes, the IET’s cyber security lead, hundreds of thousands of people have little or no security software installed on their machines.
And while it would be easy to assume that most of these do not use their personal computers for work, or connect behind the firewall to corporate networks, experience shows that even the most tech-savvy staff, such as applications developers, can end up with machines loaded to the gills with malware that they do not know is present. They assume that their security is ‘IT’s problem’.
“This is a very serious threat compounded by the fact that too many people have limited security protection on their computers,” Boyes said. “We would encourage Microsoft and Apple to maintain 'forever' security support for their old systems. Machines running these older systems could pose a serious weakness and providing on-going support will be lower-cost compared to fixing things afterwards.
“Unencrypted passwords should never be stored on computers in case they are accessed by Gameover Zeus or another aggressive malware program. If there is a need to store passwords, then use a good password manager application, which backs up and shares with your smartphone or tablet computer.
“One piece of valuable advice that is rarely given is that people should have two separate accounts on their PC – one standard account for normal day-to-day use and one administrator account which should only be used when changes need to be made to the machine, such as installing software or adding printers. The administrator account should not be used for web browsing or accessing emails. This action can prevent approximately 90 per cent of current exploits and attacks.”
Other useful tips the IET proposes, and which maybe should be part of the terms and conditions of employment with many companies, include installing internet security software from companies listed on Get Safe, not opening emails unless 100 percent certain that they are authentic, i.e. you know the sender and the email is from them, and making sure internet security software is up-to-date and switched on at all times.
It also suggests making sure the Windows operating system has the latest Microsoft updates applied. If running Microsoft XP, remember that this operating system is no longer being supported and all home and small business users should move onto an alternative operating system immediately to reduce the risk of malware infection.
Lastly, it recommends that all applications used have the latest manufacturers' updates applied, all files - including documents, photos, music and bookmarks - are backed up on a separate machine, and that passwords are never stored unmanaged in some way on the user’s computer in case they are accessed by Gameover Zeus or another aggressive malware program.