1 Iteratioal Chamber of Commerce The world busiess orgaizatio Securig your busiess A compaio for small or etrepreeurial compaies to the 2002 OECD Guidelies for the security of etworks ad iformatio systems: Towards a culture of security INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 1
2 Published i July 2004 by INTERNATIONAL CHAMBER OF COMMERCE The world busiess orgaizatio 38, Cours Albert 1er Paris, Frace Copyright 2004 Busiess ad Idustry Advisory Committee to the OECD (BIAC) ad Iteratioal Chamber of Commerce All rights reserved. No part of this work may be reproduced or copied i ay form or by ay meas graphic electroic or mechaical icludig photocopyig recordig, tapig or iformatio retrieval systems without writte permissio of ICC. 2 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
3 FOREWORD Every compay, o matter how small or where it is based, has a role to play i creatig a global culture of security. What is a culture of security? It exists whe every participat i the iformatio society, appropriately to their role, is aware of the relevat security risks ad prevetative measures, assumes resposibility ad takes steps to improve the security of their iformatio systems ad etworks. But how ca small compaies, or those i developig coutries, kow what their role is ad how to play their part? This guide is addressed to small ad etrepreeurial compaies with limited iformatio techology resources. BIAC ad ICC cosulted members aroud the world to come up with a way to explai the key poits of iformatio security to o-techical people whose first resposibility is ruig a busiess. Drawig o the priciples of the OECD Guidelies for the security of iformatio systems ad etworks: Towards a culture of security, busiess experts* have produced a practical guide o how to make good iformatio security practice as familiar ad ituitive as the steps we take to physically secure our busiesses. Iformatio security issues ad resources for small ad etrepreeurial compaies shows that the questios we routiely ask ourselves before buyig ay ew product What do I really eed it to do? How well will it work with what I already have? How do I lear eough about it to get the best performace? are just as relevat to iformatio security. It helps busiess people ask the right questios to make sure their software ad hardware, ad their busiess processes ad procedures, work together to keep the busiess secure. Tacklig iformatio security ca seem itimidatig, especially if you re ot a techical perso. But this guide shows that the key is beig able to ask the right questios ad act promptly ad decisively o the aswers. * We draw particular attetio to the cosiderable draftig work of Jeremy Ward, Director of Service Developmet, Symatec U.K. INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 3
4 We ecourage people ruig etrepreeurial busiesses all aroud the world to use this guide ad the resources it poits to, ad take the first step towards makig your busiess security-aware ad security-assured. Joseph Alhadeff Vice-Chair, BIAC Committee o Iformatio Computer ad Commuicatios Policy; Chairma, BIAC Task Force o Iformatio Security; Vice Presidet for Global Public Policy, Oracle Talal Abu-Ghazaleh Chairma, ICC Commissio o E-Busiess, IT ad Telecoms; Presidet, Talal Abu-Ghazaleh Iteratioal, Arab states 4 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
5 TABLE OF CONTENTS Foreword... 3 I. Itroductio... 7 II. Dispellig the myths, possible solutios ad a call to actio... 8 Myth...8 Possible solutios...9 Call to actio III. The OECD Iformatio Security Guidelies the path forward The OECD Guidelies How is the culture of security relevat to me? What does this guide do? IV. The Guidelies ad their applicability Foudatio Priciples Social Priciples Security Lifecycle Priciples V. Security checklist path forward Usig the priciples What you should kow What you eed to do INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 5
6 What you should kow Uderstadig the importace of iformatio to your busiess (Awareess) Uderstadig iformatio security related assets (Risk assessmet) 17 Uderstadig how assets are used, by whom ad for what reaso (Awareess) Uderstadig security maagemet (Awareess) Uderstadig your broader obligatios (Resposibility) Summary What you eed to do security basics Security Policy Security Stadards The path forward INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
7 I. INTRODUCTION Networks ad iformatio systems have become essetial to busiesses both large ad small. They hold the promise of expaded markets ad overall ecoomic growth. But these opportuities deped o the security of those etworks ad iformatio systems. Eve busiesses that cosider themselves less depedet o computers eed to be active i esurig their iformatio security. Every busiess that uses a computer eeds to be a participat i the global drive toward a culture of security. Everyoe has a role to play i securig the iformatio o the systems ad etworks they cotrol. The role played should be appropriate to the busiess s resources, ad will chage with the ature ad sesitivity of the iformatio ivolved. I the past, iformatio security was ot ofte see as essetial or eve relevat to smaller busiesses i both developed ad developig coutries. Now, the iterdepedece of differet commuicatio ifrastructures ad busiess models mea that all busiesses are potetially itercoected. So, it is imperative that everyoe play their role i the global culture of security. INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 7
8 II. DISPELLING THE MYTHS, POSSIBLE SOLUTIONS AND A CALL TO ACTION Myth Security is importat for large eterprises, but ot for a small compay like mie. False! Security is essetial for large eterprises that provide access to systems ad etworks for hudreds or thousads of people. But it is also a importat cocer for a small or medium sized eterprise. If you aswer yes to ay of the questios below, the security is a importat issue for you. Is ay of your importat compay or persoal iformatio (whether yours or that of employees, customers, cotractors or parters) stored o a computer? Do you or your employees access ay importat iformatio (icludig bakig, credit card, supplier or delivery iformatio) across a iteral etwork? Do you have a compay website? Do you or your employees use the Iteret at work? Do you or your employees use at work? Could your orgaizatio survive if it lost the use of its computers for several days or loger? If you aswered yes to oe or more of these questios, the the security of etworks ad iformatio systems is a essetial part of your busiess. You eed to take steps to review the security of your systems ad etworks ad make sure that it is up to the task. Also, it is essetial for all computer users to take proper precautios i order to avoid causig problems for others. 8 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
9 Possible solutios OK, so I eed to cosider security, but what ca I do? We re ot a techology compay, I do t have a IT departmet, ad I m ot a techical expert. Ufortuately, igorace is o excuse for iactio. I these days of higher levels of etwork coectivity ad itelliget viruses, iformatio o a usecured system ca be quickly compromised, or the system itself ca be used as a lauchig poit for attacks o other systems ad etworks. Eve if you re ot a expert, you still eed to take steps to protect your compay ad others. Eve with limited resources ad expertise, there is much you ca do to help secure your system ad etwork access. Cosider the questios below. Are you takig these steps? Do you have a firewall o your computer if you have Iteret access (especially broadbad access)? Do you have software to detect ad destroy viruses trasmitted by or i documets? Is security a importat criterio whe you choose software or service providers? Do you uderstad the security fuctios of the software ad hardware you already have? Has ayoe i your compay take a computer course to become more familiar with these fuctios? If you have the resources ad it s appropriate, have you cosulted a local expert o the cofiguratio ad deploymet of your IT system? Have you checked if there are resources or iformatio from govermet, a local trade associatio or chamber of commerce that relate to computer security? Have you take steps to physically secure your computers, especially laptops ad portable devices? Do you regularly back-up data off-site? Ad test your back-ups? Do you require your employees to use passwords? INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 9
10 Do the passwords used cotai both letters ad umbers? Are passwords kept securely (ot writte dow or shared, for example) ad chaged at least every three moths? Do you try to trai your employees o iformatio security? Have you told your admiistrative support ad receptio staff what iformatio they may ad may ot give to callers ad visitors? Call to actio All these thigs apply to my busiess, but it souds overwhelmig! Like ay challege, security i its etirety ca seem overwhelmig. This guide provides you with a roadmap for how to start ad what questios to ask. However, there is o oe-size-fits-all security solutio. Ad there is o free magic bullet. Iformatio security costs both time ad compay resources. But security is a essetial part of doig busiess today. Iformatio security may require some specialist kowledge, but the approach is ot all that differet from how you maitai the physical security of your busiess. For example, whe you istalled the doors ad locks o your premises, you probably cosidered the followig factors: Usability Fuctioality Security Reliability Cost Maiteace Your systems ad etwork access are o differet. Choosig ad istallig geeral software applicatios ad specific iformatio security measures requires the same calculatio of factors ad costs. The steps you take to esure the physical security of your busiess probably seem like secod ature. But they are a leared respose to kow threats ad vulerabilities. Locked doors, secure filig cabiets, ad a safe or cash register are all security steps that we take for grated as just part of doig busiess. Securig our etworks ad iformatio systems should be o differet. 10 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
11 Just as with other purchases, good iformatio security requires both iitial effort ad ogoig checks. You eed to do your research before buyig security software, hardware or maiteace services. While you should expect the techology to work well, you still eed to carry out the right checks to esure that it s workig correctly. Appropriate features must be set ad adapted to work with your existig computers, software ad etwork coectios. May security vulerabilities are created whe people istall a ew applicatio ad simply leave all the default settigs i place, makig them much easier for uauthorized users to maipulate. It may seem complicated or overwhelmig at first, but over time your actios will become so familiar ad automatic that they costitute a culture of security. No oe expects people ruig small busiesses to review software code or uderstad the itricate workigs of hardware. But you ca ad should read the relevat iformatio, ask pertiet questios ad get explaatios of issues that do t seem clear. By takig the iitiative ad showig that security is importat to your busiess, you ca go a log way to makig sure that your iformatio systems develop i a secure way. I some cases, for example whe makig sigificat chages to your iformatio systems, you may eed expert assistace i the iitial cofiguratio ad deploymet of the system. It is essetial to keep askig the experts what they are doig ad why, ad to satisfy yourself that the choices made reflect your busiess eeds ad improve the iformatio security of your busiess. INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 11
12 III. THE OECD INFORMATION SECURITY GUIDELINES THE PATH FORWARD The OECD Guidelies O 25 July 2002, the OECD Coucil adopted the OECD Guidelies for the security of iformatio systems ad etworks: Towards a culture of security ( the Guidelies ) 1. The Guidelies address the itercoectivity ad evolvig risks of the et-worked ecoomy. Util quite recetly, iformatio security was a specialist issue of little direct iterest to most people. Today, coutries critical ifrastructures (icludig eergy, water, ad commuicatios) rely o iformatio systems, makig iformatio security a key cocer for govermets, busiess ad citizes. This chage is reflected i the ew subtitle of the Guidelies, towards a culture of security, ad the fact that they are directed to ALL participats i the iformatio society, as appropriate to their roles. The Guidelies are basic ad succict, to make them uderstad-able to everyoe. Private busiesses ow ad operate most of the world s iformatio systems ad ifrastructure. They therefore have a clear respo-sibility to the overall developmet ad promotio of iformatio security. This eeds to be uderstood at the highest levels of compaies. BIAC ad ICC developed Iformatio Assurace for Executives 2 as a primer o security issues to help high-level executives put these issues i cotext ad eable them to direct IT staff ad specialists appropriately. Iformatio Assurace for Executives elaborates o the Guidelies to show their relevace to the busiess commuity. 1 The 2002 Guidelies are a updated versio of the OECD Security Guidelies first issued i Available at 12 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
13 The Guidelies also apply to how smaller compaies deal with security issues i a way that is appropriate to their role, size, resources ad sector. The priciples i the Guidelies ad Iformatio Security Assurace for Executives are applicable to all busiesses. This guide, Iformatio security issues ad resources for small ad etrepreeurial compaies, elaborates o the OECD priciples to make them relevat to smaller compaies i both developed ad developig coutries. How is the culture of security relevat to me? The culture of security meas that we all have a role to play i improvig global iformatio security, ad that each participat i the iformatio society has a set of appropriate security resposibilities ad behaviours, depedig o their role ad situatio. Through learig ad practice, security-improvig behaviours should become ituitive so that we are all part of a truly global culture of security. For example, i a culture of security, ati-virus software should always be used to scree icomig messages ad files, ad be kept up-to-date so that ew viruses ca be elimiated. I a culture of security, passwords ad other autheticatio procedures are kept secret so that they remai effective. A culture of security meas that these ad other behaviours become as automatic ad commo-sese as lookig both ways before crossig the road. What does this guide do? Buildig upo the previous OECD ad ICC/BIAC work, Iformatio security issues ad resources for small ad etrepreeurial compaies follows the format of the OECD Guidelies. This guide: shows the cocept behid each of the Guidelie priciples; highlights examples of the priciples beig applied i practice; suggests factors to be cosidered whe deployig security solutios. This guide will help smaller busiesses to idetify ad respod to security issues. However, the guide caot determie the best security solutio for a particular compay as this depeds o factors icludig: INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 13
14 size ad resources of the busiess; sesitivity of the iformatio beig secured; risks faced by the busiess i terms of exteral coectivity (potetial exposure to threats) ad hardware ad software used (potetial umber of vulerabilities); This guide helps you to be better iformed about the questios you eed to ask, ad should improve your uderstadig of the types of security solutios available to your compay. It is supplemeted by a set of olie liks to security resources aroud the world. 14 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
15 IV. THE GUIDELINES AND THEIR APPLICABILITY The ie Priciples i the Guidelies ca be cosidered i three mai categories as follows: Foudatio Priciples Awareess what you should kow. Resposibility what you should be doig. Respose how you should react to security icidets i a timely ad cooperative way. Social Priciples Ethics what is appropriate i behaviour that affects others. Democracy geeral respect for rights ad freedoms. Security Lifecycle Priciples Risk assessmet uderstad threats ad vulerabilities to your systems, processes ad employees. Security desig ad implemetatio how you ca select ad deploy hardware ad software. Security maagemet maagig security over time ad throughout the busiess. Reassessmet security is a cotiuig process, ot a oe-time solutio. INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 15
16 V. SECURITY CHECKLIST PATH FORWARD Usig the priciples This sectio follows the OECD Guidelies, but re-arrages their priciples to help the practical cosideratio, decisio-makig ad implemetatio ivolved i good security practice. The words or phrases i brackets refer to the relevat priciple i the OECD Guidelies. This guide focuses o two simple categories; what you should kow, ad what you eed to do. What you should kow What do I eed to kow about iformatio security i my compay? (Awareess) How ca I uderstad threats to, vulerabilities of, ad the effect o, my systems, processes ad employees? (Risk assessmet). What is expected of me based o the size ad ature of my busiess? (Resposibility). What social obligatios must I be aware of? (Ethics ad democracy) What you eed to do Creatig ad implemetig a security policy (Security desig ad implemetatio) Factors that I should cosider i selectig ad implemetig solutios (Security desig ad implemetatio). Developig ad implemetig practices ad procedures (Security maagemet / awareess). How to deal with icidets (Respose). Review ad improvemet of processes ad systems (Reassessmet). This guide is comprised maily of checklists ad possible solutios. As security is ot a oe-size-fits-all solutio, you eed to determie your requiremets based o the eeds of your busiess, the type of iformatio you hadle ad the ature of your techical ifrastructure. 16 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
17 What you should kow Below is a set of checklists to help you assess your iformatio security eeds. Uderstadig the importace of iformatio to your busiess (Awareess) How does the iformatio you use i your busiess relate to your primary busiess objectives? Have you idetified the iformatio that is critical for you to do busiess? What tasks do you perform that ivolve the creatio, processig, storage, use ad trasmissio of that busiess-critical iformatio? What assets do you use to create, process, store ad trasmit that busiess-critical iformatio (for example computers, card-idexes, mobile phoes)? Do you kow what would happe to your busiess if the cofidetiality of those assets was compromised (if, say, a competitor gaied access to them)? Do you kow what would happe to your busiess if the itegrity of those assets was compromised, ad you were uable to trust the iformatio i them? Do you kow what would happe to your busiess if those assets were uavailable to you for a period of a hour, a day, a week or a moth? Usig what you ow kow about the cofidetiality, itegrity ad availability of your compay s iformatio assets, ca you prioritize them? Oce you have prioritized iformatio assets i order of their importace to your busiess, you will be able to esure that they are give a appropriate degree of protectio. Failig to do this could mea that you will be wastig time ad resources o assets that are ot critical to your busiess; or worse, that busiess-critical iformatio is ot adequately protected. Uderstadig iformatio security related assets (Risk assessmet) Do you have a writte ivetory of your busiess-critical iformatio assets: hardware, software ad itellectual property (such as patets ad cotracts)? INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 17
18 Does that ivetory tell you where the assets ca be foud? Do you regularly update the ivetory ad audit it to esure it is comprehesive ad valid? Are you aware of the security features i the hardware ad software you use, ad do you have appropriate mauals or traiig materials about these features? Has ayoe i the office had previous experiece with these products or take classes o them? Uderstadig how assets are used, by whom ad for what reaso (Awareess) Who i your compay has access to busiess-critical assets? Do your employees use uique passwords to cotrol access to the computer assets they use? Are those passwords kept securely ad chaged regularly? Do you esure that access is give oly for geuie work-related reasos? Do you keep lists of who has access to what, ad do you regularly update those lists? Do you ru a local or wide-area etwork? If so, how do you cotrol access to that etwork? If passwords are used, are these uique to each user, chaged regularly ad kept securely? Do you have Iteret access? If so, do you have broadbad access or dial-up? Which computers / devices i the compay have etwork or Iteret access, ad do you kow who uses these? Do employees have remote access to your etwork (either from home or o the road). How do employees gai access to your etwork whe they are workig remotely? Uderstadig security maagemet (Awareess) Read the followig list of security techologies ad ask yourself; which are you aware of, ad which do you use? firewalls ad VPN (Virtual Private Networks) access, authorizatio ad autheticatio cotrols 18 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
19 ati-virus measures spam filters software patches Iteret cotet cotrol etwork-security policy compliace tools vulerability ad threat databases cryptography tools such as SSL, public-key cryptography ad harddisk-ecryptio itrusio detectio systems. Do you regularly back up your busiess-critical data? Do you test the back-ups, restorig the data from them ad makig sure it s usable? Is your data backed up off site o a regular basis? Do you regularly patch ay vulerabilities i the software you use? Do employees usig laptops or other computers for remote access have ati-virus software ad firewalls o those computers? Do you allow employees to use the compay s computers, systems or etwork access for o-busiess purposes? If so, do you make it clear to them that certai uses are uacceptable ad may result i discipliary actio? Do you provide ay security educatio or traiig for employees who use the compay s computers or iformatio systems? Do you have ay policies, stadards or procedures related to security? Uderstadig your broader obligatios (Resposibility) Are you familiar with legal requiremets related to securig certai types of iformatio (fiacial services iformatio, health iformatio, all types of data covered by your local data protectio law / regulatios icludig persoal data, moey lauderig/ati-terrorism requiremets)? This may ivolve privacy legislatio as well as sectoral regulatio. I some cases, especially where persoal, sesitive or cofidetial iformatio is ivolved, you may be required to provide a miimum level of protectio for that iformatio, irrespective of the size of your compay. INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 19
20 Are you familiar with the rights of employees i the workplace? Some laws may limit your access to certai types of employee iformatio ad commuicatios, or require otice or coset before you are able to access real or virtual iformatio held i a employee s workspace. Are you aware of your role regardig the security of others? The security of iformatio systems is complex because busiesses are coected to each other directly ad through the Iteret, creatig iterdepedecies ad spreadig risk. Failig to properly secure your system may ot just compromise ad potetially harm your busiess; it ca icrease the risk of other systems to which you are coected. Greater risk could result from virus programmes usig your cotact lists to spread further, or from malicious programs usig your usecured etworked computer to attack or sed spam to other systems or computers. Do your employees uderstad what is appropriate behaviour o the Iteret? This goes beyod ot dowloadig or postig illegal, iappropriate or offesive material, ad icludes geeral coduct that is i keepig with the values ad ethical practices of your busiess. Summary The first five steps to kowig about good iformatio security are: 1. Assess your busiess objectives, iformatio-related tasks ad critical iformatio assets ad thus your risk. 2. Idetify ad make a ivetory of your busiess-critical iformatio assets. 3. Kow who accesses those iformatio assets, how ad why. 4. Fid out how to improve the secure maagemet of those iformatio assets. 5. Get to kow your broader obligatios i the use of your iformatio assets ad i relatio to society as a whole. Havig take these steps, you will be i a good positio to implemet some of the security basics outlied i the ext sectio. 20 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
21 What you eed to do security basics Below is a set of checklists to help you desig, implemet, maage ad cotiually reassess the iformatio security strategy of your busiess. Security policy (Security desig ad implemetatio / security maagemet) A simple ad clear iformatio security policy is essetial. It should be as short as possible o more tha a few pages ad should be give to all employees. As each busiess is uique, your compay security policy eeds to be tailored to the eeds of your busiess. The policy should iclude the followig statemets: Iformatio is vital to our busiess. We protect the cofidetiality, itegrity ad availability of our busiesscritical iformatio. We have stadards that help do this, icludig: physical security persoel security access cotrols security techology security respose ad recovery, ad security audits. We have procedures that help us to meet our stadards. Employees should be familiar with the procedures relevat to their roles ad resposibilities. We take discipliary measures agaist employees who persistetly or deliberately flout these iformatio security policies, stadards ad procedures. The policy should say where details of the stadards ad procedures ca be foud. Security stadards (Security desig ad implemetatio / security maagemet / respose / reassessmet) The stadards listed i the security policy sectio above are examied i more detail below. INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 21
22 Physical security (Security desig ad implemetatio) Fit appropriate locks or other physical cotrols to the doors ad widows of rooms where you keep your computers. Physically secure laptops whe they are uatteded (for example, by lockig them i a drawer overight). Esure that you cotrol ad secure all removable media, such as removable hard-drives, CDs, floppy disks ad USB drives, attached to your busiess-critical assets. Make sure that you destroy or remove all busiess-critical iformatio from media such as CDs ad floppy disks before disposig of them. Keep i mid that simply deletig a file might ot be eough to make it completely urecoverable. Make sure that all busiess-critical iformatio is removed from the hard drives of ay used computers before you dispose of them. Store back-ups of your busiess-critical iformatio either off-site or i a fire ad water-proof cotaier. Access cotrols (Security desig ad implemetatio / security maagemet) Use uique passwords that are ot obvious (ot birth dates or easily foud or guessed iformatio) ad chage them regularly, preferably every three moths. Use passwords that cotai letters i both upper ad lower case, umbers ad special keys, ad are six or more characters i legth. It helps if you cosider your password as a memorable setece, rather tha a sigle word. For example the setece: at forty-two I m a star! could be traslated ito a eight-character password that looks like Do t write your password dow, ad ever share it with ayoe. If you do have to share it, make sure you chage it as soo as possible o matter how well you trust the perso you shared it with! 22 INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES
23 Security techology (Security desig ad implemetatio) All computers used i your busiess should have ati-virus software istalled, ad the virus defiitios must be updated at least oce a week (may providers have a oe-click update). All icomig ad outgoig traffic should be scaed for viruses, as should ay disk or CD that is used, eve if it is from a trusted source. At least oce a moth, ad preferably every day, computers should be scaed for viruses. If your computers are coected to the Iteret, ad especially if you use a broadbad coectio, you must deploy a software fire-wall. This will help to prevet malicious code from eterig your computer ad potetially compromisig the cofidetiality, itegrity ad availability of your etwork. It will also help to stop your system beig used to attack other systems without your kowledge. Software firewalls for use by o-professioals are readily available at a reasoable cost. Your operatig system, virus cotrol software or Iteret Service Provider may also offer a firewall. Cosumer ad popular trade magazies compare firewall fuctios ad features of well kow products, ad so are a good source of iformatio. Free shareware firewalls are available, but these usually require expert kowledge for correct use. System updates/patchig: Complex software will always cotai vulerabilities. Crimial hackers may attempt to exploit these vulerabilities, ad the oly way to protect yourself is to apply the patches software vedors provide. For example, computer users who applied a security patch made available well i advace of the Sasser attack were immue to that worm. If possible, set your system to automatically update by dowloadig patches whe available, or at least esure that you apply patches as quickly as possible. If your busiess has a small iteral etwork that is coected to the Iteret, you should cosider deployig a all-i-oe hardware box that cotais a firewall, ati-virus program ad a itrusio detectio system. This will greatly simplify your use ad maiteace of essetial Iteret security techology. INFORMATION SECURITY ISSUES AND RESOURCES FOR SMALL AND ENTREPRENEURIAL COMPANIES 23
Olie Bakig & The Iteret of Thigs Our icreasigly iteretcoected future will mea better bakig ad added security resposibilities for all of us. FROM DESKTOPS TO SMARTWATCHS Just a few years ago, Americas coducted
IT Support IT Support Premier Choice Iteret has bee providig reliable, proactive & affordable IT Support solutios to compaies based i Lodo ad the South East of Eglad sice 2002. Our goal is to provide our
Makig traiig work for your busiess Itegratig core skills of laguage, literacy ad umeracy ito geeral workplace traiig makes sese. The iformatio i this pamphlet will help you pla for ad build a successful
Office of the Privacy Commissioer of Caada PIPEDA Privacy Guide for Small Busiesses: The Basics Privacy is the best policy Hadlig privacy cocers correctly ca help improve your orgaizatio s reputatio. Whe
Professioal Networkig 1. Lear from people who ve bee where you are. Oe of your best resources for etworkig is alumi from your school. They ve take the classes you have take, they have bee o the job market
STRATEGIC OUTCOMES PRACTICE TECHNICAL ADVISORY BULLETIN February 2011 FIRE PROTECTION SYSTEM INSPECTION, TESTING AND MAINTENANCE PROGRAMS www.willis.com Natioal Fire Protectio Associatio (NFPA) #25 a mai
Flood Emergecy Respose Pla This reprit is made available for iformatioal purposes oly i support of the isurace relatioship betwee FM Global ad its cliets. This iformatio does ot chage or supplemet policy
1 SUMMARY OF COVER CONTRACT WORKS summary of cover CONTRACT WORKS INSURANCE This documet details the cover we ca provide for our commercial or church policyholders whe udertakig buildig or reovatio works.
CREATIVE MARKETING PROJECT 2016 The Creative Marketig Project is a chapter project that develops i chapter members a aalytical ad creative approach to the marketig process, actively egages chapter members
FME Server Security Table of Cotets FME Server Autheticatio - Access Cotrol Default Security Active Directory Trusted Autheticatio Guest User or Aoymous (u-autheticated) Loggig Out Authorizatio - Roles
Saudi Aramco Suppliers Safety Maagemet System SAFETY is Protectio (if oly we follow the rules) ''To live each day ijury ad violatio free, o ad off the job'' Foreword Foreword Saudi Aramco has developed
ODBC Gettig Started With Sage Timberlie Office ODBC NOTICE This documet ad the Sage Timberlie Office software may be used oly i accordace with the accompayig Sage Timberlie Office Ed User Licese Agreemet.
Ideate, Ic. Traiig News 2014v1 Ideate, Ic. Traiig Solutios to Give you the Leadig Edge New Packages For All Your Traiig Needs! Bill Johso Seior MEP - Applicatio Specialist Revit MEP Fudametals Ad More!
GOOD PRACTICE CHECKLIST FOR INTERPRETERS WORKING WITH DOMESTIC VIOLENCE SITUATIONS I the sprig of 2008, Stadig Together agaist Domestic Violece carried out a piece of collaborative work o domestic violece
Maual Widows 7 Eterprise Desktop Support Techicia (70-685) 1-800-418-6789 Domai 1: Idetifyig Cause of ad Resolvig Desktop Applicatio Issues Idetifyig ad Resolvig New Software Istallatio Issues This sectio
PUBLIC RELATIONS PROJECT 2016 The purpose of the Public Relatios Project is to provide a opportuity for the chapter members to demostrate the kowledge ad skills eeded i plaig, orgaizig, implemetig ad evaluatig
1/5 The Frech Govermet has three objectives : > improve Frace s fiscal competitiveess > cosolidate R&D activities > make Frace a attractive coutry for iovatio Tax icetives have become a key elemet of public
Public Procuremet Practice STANDARD The decisio to lease or purchase should be cosidered o a case-by case evaluatio of comparative costs ad other factors. 1 Procuremet should coduct a cost/ beefit aalysis
Itegrated Productio ad Ivetory Cotrol System MRP ad MRP II Framework of Maufacturig System Ivetory cotrol, productio schedulig, capacity plaig ad fiacial ad busiess decisios i a productio system are iterrelated.
New editio Jauary 2009 Are you worried about your mortgage? Get advice ow If you are strugglig to pay your mortgage, or you thik it will be difficult to pay more whe your fixed-rate deal eds, act ow to
Wells Fargo Isurace Services Claim Cosultig Capabilities Claim Cosultig Claims are a uwelcome part of America busiess. I a recet survey coducted by Fulbright & Jaworski L.L.P., large U.S. compaies face
Maual VMware Lesso 1: Uderstadig the VMware Product Lie I this lesso, you will first lear what virtualizatio is. Next, you ll explore the products offered by VMware that provide virtualizatio services.
Presetatio to DVClub commuity October 20 th 2015 Safety Requiremets egieerig ad Proof of implemetatio Test ad Verificatio Solutios Deliverig Tailored Solutios for Hardware Verificatio ad Software Testig
IT Maagemet Optios Security Redefied Flexible Offerigs Peace of Mid Secure Data Ceters SymQuest has two compliat SSAE-16 Secure Data Ceters (SDC) located i South Burligto, VT ad Westbrook, ME. Our ifrastructure
Roles of Pharmacists IN MANAGED HEALTH CARE ORGANIZATIONS Drug Distributio ad Dispesig Patiet Safety Cliical Program Developmet Commuicatio with Patiets, Prescribers ad Pharmacists Drug Beefit Desig Busiess
Iformatio about Bakruptcy Isolvecy Service of Irelad Seirbhís Dócmhaieachta a héirea Isolvecy Service of Irelad Seirbhís Dócmhaieachta a héirea What is the? The Isolvecy Service of Irelad () is a idepedet
FIRST AID AT WORK What is First Aid? First aid is the immediate care give to a perso who is ijured or who suddely becomes ill. It ca rage from cleaig a cut ad applyig a badage to helpig someoe who is chokig
Maual Security+ Domai 1 Network Security Every etwork is uique, ad architecturally defied physically by its equipmet ad coectios, ad logically through the applicatios, services, ad idustries it serves.
For customers Key features of the Guarateed Pesio Auity The Fiacial Coduct Authority is a fiacial services regulator. It requires us, Aego, to give you this importat iformatio to help you to decide whether
3G Security VoIP Wi-Fi IP Telephoy Routig/Switchig Uified Commuicatios NetVata Busiess Networkig Solutios Opportuity to lower Total Cost of Owership ad improve Retur o Ivestmet The ADTRAN Advatage ADTRAN
Health ad Safety Maagig cotractors A guide for employers This is a free-to-dowload, web-friedly versio of HSG159 (First editio, published 1997). This versio has bee adapted for olie use from HSE s curret
Pre-Suit Collectio Strategies Writte by Charles PT Phoeix How to Decide Whether to Pursue Collectio Calculatig the Value of Collectio As with ay busiess litigatio, all factors associated with the process
The Forgotte Middle Esurig that All Studets Are o Target for College ad Career Readiess before High School Executive Summary Today, college readiess also meas career readiess. While ot every high school
Eterprise Access Cotrol System Egieered for Flexibility Modular Solutio The Eterprise Access Cotrol System is a modular solutio for maagig access poits. Employig a variety of hardware optios, system maagemet
INDEPENDENT BUSINESS PLAN EVENT 2016 The Idepedet Busiess Pla Evet ivolves the developmet of a comprehesive proposal to start a ew busiess. Ay type of busiess may be used. The Idepedet Busiess Pla Evet
Safeguardig Taxpayer Data A GUIDE FOR YOUR BUSINESS 1 Cotets The Need to Safeguard Taxpayer Data...3 Gettig Started...5 Puttig Safeguards i Place...6 Checklists 1 Admiistrative Activities...7 2 Facilities
BaaERP 5.0c Maufacturig Egieerig Data Maagemet Module Procedure UP128A US Documetiformatio Documet Documet code : UP128A US Documet group : User Documetatio Documet title : Egieerig Data Maagemet Applicatio/Package
How To Fid FINANCING For Your Busiess Oe of the most difficult tasks faced by the maagemet team of small busiesses today is fidig adequate fiacig for curret operatios i order to support ew ad ogoig cotracts.
City of Okapariga Small Busiess Evirometal Maagemet Solutios Busiess SA is the leadig busiess orgaisatio i South Australia. It works hard o behalf of busiess to ifluece govermet decisios, attract ivestmets
INTERNATIONAL BUSINESS PLAN EVENT 2016 The Iteratioal Busiess Pla Evet ivolves the developmet of a proposal to start a ew busiess veture i a iteratioal settig. Ay type of busiess may be used. The purpose
Iformatio for Programs Seekig Iitial Accreditatio Aswers to Frequetly- Asked-Questios (from www.abet.org/ew-to-accreditatio/) Assurig Quality l Stimulatig Iovatio This documet iteds to aswer may of the
QUADRO tech PST Flightdeck Put your PST Migratio o autopilot Put your PST Migratio o Autopilot A moder aircraft hardly remids its pilots of the early days of air traffic. It is desiged to eable flyig as
The Caadia Coucil of Professioal Egieers Providig leadership which advaces the quality of life through the creative, resposible ad progressive applicatio of egieerig priciples i a global cotext Egieerig
Saudi Aramco Suppliers Safety Maagemet System SAFETY is Protectio (if oly we follow the rules) ''To live each day ijury ad violatio free o ad off the job'' Foreword Foreword Muir M. Rafie Vice Presidet,
iprox sesors iprox iductive sesors iprox programmig tools ProxView programmig software iprox the world s most versatile proximity sesor The world s most versatile proximity sesor Eato s iproxe is syoymous
Hadlig the Collectio Calls We do everythig we ca to stop collectio calls; however, i the early part of our represetatio, you ca expect some of these calls to cotiue. We uderstad that the first few moths
Maual CCNA Domai 1 Compoets of the Cisco Uified Commuicatios Architecture Uified Commuicatios (UC) Eviromet Cisco has itroduced what they call the Uified Commuicatios Eviromet which is used to separate
CCH Accoutats Starter Pack We may be a bit smaller, but fudametally we re o differet to ay other accoutig practice. Util ow, smaller firms have faced a stark choice: Buy cheaply, kowig that the practice
March 2008 Pesios Legal Alert Amedmets to employer debt Regulatios The Govermet has at last issued Regulatios which will amed the law as to employer debts uder s75 Pesios Act 1995. The amedig Regulatios
PRICE BAILEY CHARITIES & NOT FOR PROFIT THE RIGHT ADVICE FOR LIFE OUR EXPERTISE To arrage a meetig with a member of for more iformatio about Price Bailey, At Price Bailey, we recogise that charity ad ot-for-profit
Documet Cotrol Solutios State of the art software The beefits of Assai Assai Software Services provides leadig edge Documet Cotrol ad Maagemet System software for oil ad gas, egieerig ad costructio. AssaiDCMS
Ati-Moey Lauderig Over the last year, moey-lauderig crimes siphoed a estimated $1.3 trillio out of the global ecoomy.* I light of this staggerig statistic, the resultig striget legislatio is uderstadable.
News SOLELY FOR BENEFIT December 2012 BOARD OF DIRECTORS PRESIDENT Tret White Pharmacists Associatio of Newfoudlad ad Labrador (PANL) SECRETARY/TREASURER Price Edward Islad Pharmacists Associatio (PEI)
Prescribig costs i primary care LONDON: The Statioery Office 13.50 Ordered by the House of Commos to be prited o 14 May 2007 REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 454 Sessio 2006-2007 18 May
Xataro Maiteace Services & Operatios XTAC User Guide UK Editio XTAC WORKFLOW The Xataro Techical Assistace Cetre (XTAC) is the cetral iterface for all techical questios ad topics for products ad services
A Guide to Better Postal Services Procuremet A GUIDE TO better POSTAL SERVICES PROCUREMENT itroductio The NAO has published a report aimed at improvig the procuremet of postal services i the public sector
Smart Coected Products & The Iteret of Thigs Who we are Taget delivers Talet Globally. Established for 40 years we specialise i delivery of iovative & tailored talet solutios to customers aroud the world.
G r a d e 5 M a t h e M a t i c s Patters ad relatios Grade 5: Patters ad Relatios (Patters) (5.PR.1) Edurig Uderstadigs: Number patters ad relatioships ca be represeted usig variables. Geeral Outcome:
Extedig Your Maagemet Reach to Remote Users White Paper LANDESK WHITE PAPER : Extedig Your Maagemet Reach to Remote Users Table of Cotets Executive Summary... 3 Obstacles to Cost-Effective Remote Maagemet...
FLEXIBLE GUARANTEE BOND SERIES 2 Key features of the Flexible Guaratee Bod Series 2 The Fiacial Coduct Authority is a fiacial services regulator. It requires us, LV=, to give you this importat iformatio
IvetoryCotrol The Complete Ivetory Trackig Solutio for Small Busiesses Regular Logo 4C Productivity Solutios for Small Busiesses Logo Outlie Get i cotrol of your ivetory with Wasp Ivetory Cotrol the complete
Ivestig i Stocks Ivestig i Stocks Busiesses sell shares of stock to ivestors as a way to raise moey to fiace expasio, pay off debt ad provide operatig capital. Ecoomic coditios: Employmet, iflatio, ivetory
Istitute of Fiace Diploma i Secretarial Admiistratio Awarded by the Lodo Chamber of Commerce ad Idustry (LCCI) Startig October 2007 ope for erollmet from July 2007 Be smart start right eroll ow! Eglish
6. p o s I T I v e r e I f o r c e M e T The way positive reiforcemet is carried out is more importat tha the amout. B.F. Skier We all eed positive reiforcemet. Whether or ot we are cosciously aware of
Appedix B: Third-Party Tools I This Chapter Cosideratios The Tools Cosideratios Obviously, beig able to desig, prepare, ad implemet effective disaster recovery strategies for your SharePoit eviromet is
Uiceter TCPaccess FTP Server Release Summary r6.1 SP2 K02213-2E This documetatio ad related computer software program (hereiafter referred to as the Documetatio ) is for the ed user s iformatioal purposes
How to set up your GMC Olie accout Mai title Itroductio GMC Olie is a secure part of our website that allows you to maage your registratio with us. Over 100,000 doctors already use GMC Olie. We wat every
PENSION ANNUITY Policy Coditios Documet referece: PPAS1(7) This is a importat documet. Please keep it i a safe place. Pesio Auity Policy Coditios Welcome to LV=, ad thak you for choosig our Pesio Auity.
Deceased orga doatio Let's talk about it Table of Cotets Itroductio Why orga doatio is so importat Facig the facts Kidey trasplats are highly successful What exactly is deceased doatio? What orgas ca be
Maual Widows Domai 1: Cofigurig Domai Name System (DNS) for Active Directory Cofigure zoes I Domai Name System (DNS), a DNS amespace ca be divided ito zoes. The zoes store ame iformatio about oe or more
BUSINESS GROWTH PLAN EVENT 2016 The Busiess Growth Pla ivolves the idea geeratio ad strategy developmet eeded to grow a existig busiess. Participats i the Busiess Growth Pla will aalyze their curret busiess
Solvig Iequalities Say Thaks to the Authors Click http://www.ck12.org/saythaks (No sig i required) To access a customizable versio of this book, as well as other iteractive cotet, visit www.ck12.org CK-12
The Scottish Govermet Health Delivery Directorate Improvemet & Support Team Natioal Improvemet Programmes: Buildig o the Experiece IST have bee ruig atioal improvemet programmes that egage with every NHS
ELECTRICIAN ANNUAL ELECTRICAL MEMBERSHIP ONLY 288 (icludig VAT) CERTIFICATION FOR ELECTRICIANS Part P/Domestic, Commercial, Coditioig Reports, PAT Testig & Third Party Stroma Certificatio - 2016 - v1.5
WIPO-MOST Itermediate Traiig Course o Practical Itellectual Property Issues i Busiess November 10 to 14, 2003 Patetability of Computer Software ad Busiess Methods Tomoko Miyamoto Patet Law Sectio Patet
Your consent to our cookies if you continue to use this website.