The flavor of the month of June reflects on the security issues related to technology use as well as safe use of the internet in our telecentres. Telecentres handle data belonging to clients but also deploy and use various technologies such as personal computers, mobile devices and the Internet. All these technologies have been targets of non-ethical hackers and theft, and have often suffered disasters like fires and bad weather.
Feel free to share your thoughts, experiences and ways in which your telecentre or organization handles this very sensitive issue by responding to the questions below:
Are measures on safeguarding personal data being observed/ taught in telecentres?
How can we secure personal data and ensure safety in telecentres?
Restrictions of access on negative Internet resources, kindly share some examples you have used to ensure this?
How can we ensure the protection of these devices?
Data security is critical to telecentres. To ensure security, networks (LANs) should be established with different levels of access and permissions to folders, subfolders, computers and other devices. We have also put in place a firewall to monitor traffic in and out during surfing. Some rooms are also locked and restricted, especially where the server and backup devices are.
Thanks George for these insights, very clear and well put.
Dear Cleo, thank you very much for the Flavor of the month forum. I would like to share an article on '10 easy steps on securing our PCs'. Hope our telecentre community will find it useful and interesting.
Use encryption, keep your software up-to-date, disable images in e-mail, scan e-mail attachments for viruses, use a nonadministrator Windows account, scan for viruses manually, and use a secure-erase utility to destroy old data.
Encrypt your network connection
Most popular sites offer HTTPS connections at least some of the time. In Gmail, click the gear icon in the top-right corner and select "Always use https" under the General tab.
To select Facebook's HTTPS setting, click the down arrow in the top-right corner and choose Account settings. Select Security in the left pane and Edit in the Secure Browsing section of the main window. Check "Browse Facebook on a secure connection (https) when possible" and click Save Changes to activate the feature.
(Credit: Screenshot by Dennis O'Reilly)
The Electronic Frontier Foundation's HTTPS Everywhere extension for Firefox doesn't encrypt every page you browse to, but it automatically requests an encrypted connection for those sites that support HTTPS and that have been added to the program's rules.
After you install HTTPS Everywhere, the extension's icon appears in the top-right corner of Firefox. Click it to view the encrypted and nonencrypted content served by the current page.
As the EFF's HTTPS Everywhere FAQ points out, HTTPS Everywhere doesn't work with every site and may conflict with some wireless networks, but the free add-on is a handy tool in your browser-security arsenal.
Encrypt sensitive files stored locally
The file-encryption features built into Windows and Mac OS leave much to be desired. Microsoft explains how to use Windows 7's encryption on its Help and How-to site.
These are far from your only encryption choices. In the past I have recommended the free TrueCrypt utility, but the program can be difficult to use. The Tech Support Alert site lists the best free encryption programs for Windows, many of which integrate with Windows Explorer.
Encrypt private information stored in the cloud
Is the data you store in the cloud safe? If you ask cloud-storage vendors, it is. But earlier this year The Economist took a critical look at the security of the popular Dropbox online-storage service. The article concludes that while the service may have overstated its security policies, it is safe enough for "casual" users.
Use a free VPN service to protect public Wi-Fi connections
Even if you only occasionally sign in to Web accounts over a public Wi-Fi link, you can prevent lurking snoops by using a free VPN service to secure the connection. In a post from last February I wrote about the SecurityKISS VPN service that's easy to use and registration-free. The people commenting on that post recommended several other free VPN alternatives.
Prevent keystroke loggers, other data snoops
Computer criminals look for that path of least resistance, so they tend to attack the most vulnerable systems. To avoid being one of their victims, make sure your firewall and real-time antivirus software are working, and keep all your software up-to-date.
To ensure your Windows 7 PC's defenses are raised, run through the security checklist on the Microsoft Help and How-to site. The company's free Security Essentials program provides the real-time malware protection your system requires.
Last May I described three free services that automatically scan your system for outdated programs. My choice is Secunia's Personal Software Inspector, which provides an overall system score and a threat rating for each unpatched program on your PC.
Perform a manual virus scan with the free Malwarebytes Anti-Malware
Even with automatic software updates and regularly scheduled malware scans, viruses can sneak through your defenses. That's why it's a good idea to use Malwarebytes' free Anti-Malware program to scan your system manually. The utility was one of the security tools I covered in last September's post titled "How to prevent identity theft."
Disable images in e-mail
The people who send you e-mail may know when you open their messages and click links they contain. Programs such as Zendio, which I reviewed last month, pose a serious security threat, especially considering that the program also discloses your general location (via your IP address) when the message is opened.
To thwart e-mail snoops, disable images in your received messages. This prevents the HTML beacons used by the spies from being activated.
In October 2008 I described how to "View HTML mail from trusted senders, plain text from others." A month later I explained how to send and receive plain text mail in Outlook--one of the tips in "Four essential tweaks keep Outlook safe and simple."
In Gmail, click the settings icon in the top-right corner, choose Mail settings, and select "Ask before displaying external content."
Be wary of e-mail attachments
The recent increase in spear phishing has made it more difficult to trust that an e-mail was actually sent by the person whose name appears in the From: field. A post in April titled "E-mail security: Back on the front burner" described the safe way to open e-mail attachments: right-click downloaded files and choose the option to scan the file manually with whatever security program you use.
Use a standard (nonadministrator) account in Windows
Nine times out of ten you use your Windows PC without installing a new program, changing any settings, or performing some other action that requires an administrator account. Yet few people use a standard Windows account, which is one of the best ways to keep malware from infecting your system.
To create a standard account in Windows 7, press the Windows key, type user accounts, press Enter, click "Manage another account," and choose "Create new account." Give the account a name, select the "Standard user" option, and click Create Account. The account will appear on the Welcome screen the next time you start Windows.
Destroy old data
The last time you donated an old computer or recycled a storage device, you probably didn't worry about someone stealing your identity by lifting sensitive data off the machine. It may not happen often, but it happens.
In a post from March 2009 I described "The right way to destroy an old hard drive." As one commenter to that article pointed out, most people don't need to resort to drill presses, sledgehammers, or sandpaper on the drive platter.
A simpler and safer approach that's just as effective is to run a free secure-erase utility. The Tech Support Alert site describes several such products, including the program I mentioned in the 2009 article, Darik's Boot and Nuke (DBAN), which comes in a version that runs off floppy disks and USB flash drives and another that runs off a CD or a DVD.
Fabulous Seu, thanks a great deal for sharing this very useful resource.
Thanks Seu for those detailed procedures, in fact some of them I've tagged as "Must Try". The last one of destroying old data is very true as people tend to ignore and look at old data as insignificant, not knowing that others can use the same old data to affect an organization in a negative way.
I think this is also appropriate:
Ten Cybersecurity Tips
Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need cybersecurity tools and tactics to protect themselves, their customers, and their data from growing cyber threats. Here are ten key cybersecurity tips for businesses to protect themselves:
1. Train employees in security principles
Establish basic security practices to protect sensitive business information and communicate them to all employees on a regular basis. Establish rules of behavior describing how to handle and protect customer information and other vital data. Clearly detail the penalties for violating business cybersecurity policies.
2. Protect information, computers and networks from viruses, spyware and other malicious code.
Install, use and regularly update antivirus and antispyware software on every computer used in your business. Such software is readily available online from a variety of vendors. Most software packages now offer subscriptions to "security service" applications, which provide additional layers of protection. Set the antivirus software to automatically check for updates at a scheduled time of low computer usage, such as at night (midnight, for example), and then set the software to do a scan after the software update.
3. Provide firewall security for your Internet connection
A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Install and maintain firewalls between your internal network and the Internet. If employees work from home, ensure that their home systems are protected by firewalls. Install firewalls on all computers including laptops used in conducting your business.
4. Download and install software updates for your operating systems and applications as they become available
All operating system vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.
5. Make backup copies of important business data and information.
Regularly back up the data on every computer used in your business. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files and accounts receivable/payable files. Back up data automatically if possible, or at least weekly.
6. Control physical access to your computers and network components
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.
7. Secure your Wi-Fi networks
If you have a Wi-Fi network for your workplace, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). In addition, make sure to turn on the encryption so that passwords are required for access. Lastly, it is critical to change the administrative password that was on the device when it was first purchased.
8. Require individual user accounts for each employee
Set up a separate account for each individual and require that strong passwords be used for each account. Administrative privileges should only be given to trusted IT staff and key personnel.
9. Limit employee access to data and information, and limit authority to install software
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
10. Regularly change passwords
Passwords that stay the same will, over time, be shared and become common knowledge to coworkers and can be easily hacked. Passwords should be changed at least every three months.