by Ted Saul

Once again we’ve reached the beginning of a new year and an excellent time to review your computer security strategy.  You can be sure that “Hackers Monthly”, if there is such a magazine, is publishing tips on the best ways to profit from illegal computer access in 2011.  Business owners must keep their guard up and ready for potential new attacks this coming year.  Here are some thoughts to get you started.

1) Change your administrator and highly privileged account passwords.  Make sure they are twelve to sixteen characters in length and contain uppercase, lowercase, numbers and special characters.  If you must write down these passwords, store them in a secure location such as a safe.

2) Review your backup and business continuity plans being careful that new equipment purchased and installed in 2010 is included.  Did you buy yourself a new laptop this year – be certain it is protected.

3) Consider increasing the level of security implemented at your business.  Do you have appropriate intrusion detection systems in place along with encryption to protect “in-flight” data?  And don’t forget to examine your wireless and removable storage strategies.

4) Review your current security logging scheme to confirm that you are capturing data that will expose failed and successful breeches.  Archive 2010 files by backing them up and storing them in a secure place.

5) Check physical access to your computer systems.  Are they are protected from potential intruders and theft?  Also consider potential disaster scenarios and required fire protection.

6).Perform a walk-through of where employees log in to their computers looking for passwords written down on sticky notes and placed in a “hiding” place.  Hint - look under the keyboard.

7). Provide a refresher training session on “social engineering” and include what it is, how it may be done and the dangers involved.  At the very least, purchase a book on security awareness and make it required reading.

8).If you don’t have one, designate a trusted employee as the security champion.  Consider sending this person to training and allow them to become a certified security professional.

9).Perform an in-depth security audit of your systems.  If you don’t have the time or expertise, consider hiring a third-party to do so. 

10).Encrypt those laptops!  In 2009 nearly 1200 laptops a week were lost at the Los Angeles airport.  Don’t be fooled, the Windows password will not keep a thief from accessing your data.   If you keep data with any value to you or your company on a laptop, encrypt the data so it becomes useless in the wrong hands.

Here’s to safe and secure computing in 2011.

Ted Saul is a Business and Security Consultant specializing in startups and small business.  He can be reached at This e-mail address is being protected from spambots. You need JavaScript enabled to view it , TS787 on Twitter or on Linkedin.com.