Basic Computer System Security

© Copyright Carter McNamara, MBA, PhD, Authenticity Consulting, LLC.

There are two kinds of security: data and break-in. Data security is addressed by having a good
backup system (see next section on computer security). Break-in security is often a matter of
using passwords to files or systems where possible, locking systems in offices and managing
modem dial-in. Have the modem on only when sending or receiving.

1. To avoid losing information stored on your computers when, e.g., a disk breaks (or "crashes"),
ensure that computer files are regularly backed up to another media, e.g., backed up onto
magnetic tapes, "zip" disk, CD-ROM, etc. Store the media offsite, that is, in a facility other than
at your organization. If a disk crashes, you can repair the disk or get a new one and then restore
the information from the backup media onto the new disk.Or, if backup media cannot be
afforded (most are only a few hundred dollars), ensure files are stored on at least two different
media devices, e.g., stored on an internal hard disk and then also on a diskette. Using a diskette
as backup simply requires the computer user to occasionally save away his or her file to the
diskette in addition to the hard disk. The same diskette can be used to backup files. Label the
diskette with the time period during which files were backed up to it. Note that the major
software applications themselves (Word, Excel, etc.) do not have to be backed up because the
organization usually has the software application's master diskettes. The most important items to
backup are usually database files, spreadsheet files and large documents written by users.
Conducting regular backups is more a matter of managerial policy than technical limitations.

2. Use electrical surge protectors to ensure your computers will not experience sudden surges of
electricity, e.g., during storms, if the quality of your electricity in your building is poor, or is the
computer is turned off and on.

3. Protect unauthorized access to computer files by using passwords to log-on to your system, if
possible. Critical files can be copied onto two different diskettes (with one as a backup for the
other) and both stored in locked drawers. Be sure to label the diskettes such that you'll recognize
them later by the name on the diskette label.

4. Ensure that computers remain working as much as possible (that is, maximum their uptime) by
recording and testing detailed procedures for all routine, but critical, tasks performed by staff on
the computers and associated peripherals, e.g., for computer backups and restores, fixing
recurring problems, etc. Locate and label the procedures in a central location of which all staff
are aware.

5. Develop competent internal technical support personnel who can help others to conduct basic
activities on the computers and who can call outside consultants for troubleshooting when
needed. Have one or two internal people who are designated as technical support contacts for
other staff members.
6. Instruct staff to report all problems to the internal technical support people. That way, the
internal people are aware of all problems and are more likely to detect oncoming problems as
early as possible. They also become better trained at detecting and diagnosing problems.

7. Record all important phone numbers for technical support consultants or contacts, and ensure
staff can find these numbers when needed.

8. Keep all software documentation, such as manuals and guides, stored in a central location
where staff can find them. Post a sheet on the wall so they can check documents out and for
control to ensure they are returned.

9. Promptly register all new software with the vendor to ensure you receive notification of
regular software version updates and your eligibility to call the vendors for technical support if
needed.

10. Keep the serial numbers of all software packages in a clearly visible place for ease of
reference when calling the software vendor's technical support. (The vendor usually will ask you
for the serial number to verify that you indeed purchased the software.)

11. Note that if you dissemble your computer hardware, you risk losing coverage of your
warranty. During your warranty period (which often covers labor during the first 90 days and
hardware during the first one or two years), always call the vendor as soon as you suspect any
problems. Problems usually occur during the first several weeks if they occur at all.

12. Be sure to install a virus detector on your system. The detector should automatically check
any new data brought into your system, for example, from diskettes, downloaded from the
Internet, etc.

13. Develop a disaster recovery plan. The plan should address contingencies. It should include
procedures to respond to, e.g., if a disk crashes, if the computer quits working, if the network is
down, if the building is somehow destroyed, etc.