Computer security has never been more important. Our national critical infrastructure, our work and our private lives depend on a smoothly running digital environment.
This is why it's so important that small businesses and home-based networks, as well as large organizations, establish good computer security practices. Luckily, many of these practices also serve as good advice to follow in order to limit the effects of disasters, accidents and cybercrimes other than terrorism.
1. Have a Plan
Prepare actionable steps for yourself and other users of your network to follow if your network is attacked or appears to have been. Unlike attacks on physical property, the sources of cyber attacks can sometimes be difficult to identify. Response plans, therefore, should go into effect as soon as a system appears to have been compromised, and then the source of the problem, whether accidental or malicious, can be sought.
2. Back up Critical Information
Everyone, from the largest corporation to individual users, should have a system for backing up their critical information and databases. This is so crucial it's worth saying again: everyone should have a backup system in place!
And yet, it is rarely necessary to back up an entire system. Instead, individuals and small businesses will want to select what to back up in case of an attack or disaster.
3. Authenticate Network Users
Make sure your user authentication system is appropriate for your system. If you are a private or home networked user, make sure you change your passwords at least every 90 days. If you run a small organization, make sure that you know who goes in and out of your workplace, virtually and physically. In larger organizations, it is recommended that passwords be combined with physical hardware and well-implemented biometric systems to ensure that computers are accessible only to authorized users.
4. Create Mechanisms for Reporting Problems in the Workplace
Developers, researchers and employees may hesitate to report system problems in environments where they know they will be held responsible for failing to fix them. Both formal reporting mechanisms and an atmosphere of support for full reporting will save companies potentially critical and costly losses.
5. Reduce the System's Vulnerability in an Attack Situation
The object of an attack plan must be to reduce the system's vulnerability. As the Computer Science and Telecommunications Board has noted, "making systems do less" is the primary way to make them less vulnerable: Reduce the number of users, run less software and limit communication between systems. All of these actions close off possible places where the system has been or can be breached further.
6. Make Sure that Everyone Knows What to Do and Expect
The day of an apparent attack should not be the first time system operators, managers, and employees see instructions on how to respond. Response plans need to be practiced and made part of an overall prevention strategy. Staging mock attacks or "red teaming" is an excellent way to identify weaknesses and areas to be strengthened in existing response strategies, while reinforcing proper response methods.
7. Prevent Public Relations Crises by Preparing Communications Strategies
CSTB has noted that attacks need to be public: "Researchers, developers, and operators need this information to redesign systems and procedures to avoid future incidents, and national security and law enforcement agencies need it to defend the nation ...." Fearing for their reputations, many organizations keep attacks under wraps. This is detrimental to the safety of all. Instead, a well-planned communications strategy can both ensure future safety and protect organizations' reputations.
8. Report Attacks to Government Authorities
If you suspect that a terrorist attack is the source of a slowdown or disruption in your system, it should be reported to the United States Computer Emergency Readiness Team (US-CERT). Reports can be made via telephone at 1-888-282-0870 or through their Internet Incident Reporting System. For the purposes of reporting to the government, an incident is defined as "the act of violating an explicit or implied security policy."