Computer Security Guidelines
For Managers and Business Owners
- Make sure computer security updates are installed as soon as they are available. This includes firmware, operating system, and application software updates. When possible set equipment to install security updates automatically.
- Install a network firewall between your computer equipment and the Internet. The firewall should include the following protection technologies: Stateful Packet Inspection (SPI) for IPv4 and IPv6 protocols, an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS), DNS Block List (DNSBL) protection, IP Block List (IPBL) protection for both IPv4 and IPv6 protocols. We recommend pfSense based firewalls.
- Guard against phishing attacks by providing ongoing anti-phishing training testing for and testing of employees. Let us know if you need help getting this in place.
- Only use computers that provide secure boot protection. With this tamper protection technology all operating system components are cryptographically signed, and then that signature is verified by the hardware when the computer starts. Windows 8.1 and 10 include this, Windows XP, Vista and 7 do not. All ChromeBooks include this. Apple Mac computers with the T2 Security Chip installed include this protection but it must be enabled in Mac OS.
- Make sure your computers are set to auto-lock after multiple bad-passwords attempts.
- Only use software from well-known providers (Microsoft, Adobe, Google, FedEx, your bank, etc.).
- Require employees to use a VPN when accessing business data via public Wi-Fi. We recommend ExpressVPN or your own pfSense based firewall for this.
- Use a cloud backup system to secure critical business data offsite. We recommend Carbonite for desktop computers and AIT Backup for servers.
- Encrypt the hard drives of all computers and servers.
- Enable multi-factor authentication (MFA) for email and business critical services accessed via the Internet (financial institutions, government entities, service and infrastructure utilities, etc.).
- Make sure that the computer accounts used by employees do not have administrative privileges. Administrative accounts should only be used for performing IT tasks such as installing software or reconfiguring equipment.
- Malware on your website is the online equivalent of having criminals setup shop inside your business. Have your website scanned frequently for malware by someone other than the developer or hosting company. We recommend Qualis for this, but you can also do it yourself using the link to the free URL Scanner on our main Security page.
- Provide security guidelines to employees and make sure they adhere to them. See our recommendations here for this.