NetAction's Cyber Security Checklist


Use this checklist of computer security basics to assess and improve your computer security practices:

Passwords and user names are your first line of defense in cyber security. Use passwords that are difficult to guess and change them frequently. (If you think you might forget your password, write it down and file it where only you can get to it.) Always remember to log off when you aren't using your computer. The most basic, and low-tech, security practice is to lock or shut down a computer when it's not in use. If you don't, there's little point in password-protecting your hard drive.

Regular backups are a crucial component of computer security. Documents and other data should be backed up daily. Backed-up data can be stored on removable media (such as CDs), on a separate hard drive that is connected to your computer externally, on a tape drive, or on a secure web site. Redundancy is the best strategy: create several backup sets so at least one is stored off site. It's also a good idea to periodically make a full backup of your hard drive so that if your hard drive crashes you won't have to reinstall each software program individually.
Many new computers include CD drives that make data backups easy and affordable. External hard drives that can be disconnected and stored off site are an affordable option for backing up a complete hard drive.

New computer viruses and worms are discovered all the time. Installing and regularly updating your anti-virus software is essential to maintaining the security of your computer files.

Every computer connected to the Internet without a firewall is vulnerable, but the risk is greater if you are using DSL or cable broadband, or are connected to an office network. Because these types of connections are typically always on, malicious hackers can get into your computer and steal confidential information, deface your organization's web site, or use your computer as part of a distributed denial of service (DDoS) attack directed at another server. Firewall software is available from many of the same developers who produce anti-virus software, including Symantec and McAfee.

Email lists are frequent targets of spam, so mailing list security is a high priority. If you are running commercial list software, such as Majordomo, configure your email lists so only the list owner has access to subscribers' addresses. If you are using your email client software, such as Eudora or Outlook, avoid disclosing subscribers' addresses by putting all your recipients' addresses in the "Bcc" field. If you are using an application service provider, such as Topica or Yahoo Groups, make sure the lists are configured to prevent the disclosure of addresses. Also, back up your subscriber list regularly. Those addresses are one of your organization's most important assets!

Nearly everyone stores some data on their computer that is sensitive or confidential. Use passwords and encryption to protect private data. Disable operating system features that allow files to be shared unless it's absolutely necessary, and when you do allow sharing use passwords to ensure that only authorized users have access. If you send or receive confidential data, encrypt your email messages.

Although not strictly a security issue, good disk maintenance is also important. Several software vendors sell utility tools (such as Norton System Works) that can alert you to minor problems and fix them, and sometimes even retrieve lost data. Specific maintenance requirements vary, so review the User Guide and check your disk periodically to ensure optimal performance.

Hard drives crash, accidents happen, and natural disasters occur without warning. If you depend on computers, disaster planning is a necessity. Start by keeping an up-to-date backup of your hard drive off site, but don't stop there. Inventory your hardware, software and service providers. Ask yourself what it would take to get back online if your office were destroyed in an earthquake or fire. Write it all down and keep a copy with your off-site backup. Periodically review your plan to make sure it's up to date.