Internet Access and Your Business
Managing the risks, exploiting the benefits.
Introduction
Firstly, I want to dispel any idea that getting your business online is inherently dangerous. It isn't. Viruses, spyware, and other infections can make their way onto your system via the Internet. However, if your network is properly protected and maintained, the risk can be minimised. Some network owners prefer to keep their network completely isolated from the outside world, in order, they believe, to keep it clean. An isolated network does not get its updates, is not able to be properly maintained, and software cannot be properly patched. It may seem counter-intuitive, but in fact an isolated network may be more at risk than a connected network that is properly maintained. Windows XP when first released, was very vulnerable to attack. Microsoft updates and Service Packs close these vulnerabilities s they are discovered. Eventually someone may introduce a CD or flash drive, or other medium to that isolated network that allows a virus onto it. If the machines have never been updated, this may prove catastrophic. More often, network owners have isolated networks, but allow one machine on that network to have Internet access via dialup or broadband, for particular usage, often email. They imagine that limiting the access to that one machine, and installing some Anti-Virus onto it, will limit their "exposure". It does not achieve this. Many viruses are able to transfer around networks easily, once infected, the Internet-connected machine will most likely pass the infection to the other PCs on the network. Since they have never been updated, and have no anti-virus protection, they may be very badly affected. The greatest threat posed by virus attack is performance and stability. Most viruses are not actually destructive of data, but because of their behavior, can cause massive slowdown on the network. Prevention is much better than cure, and there is more to this than Anti-Virus software.
Administrator rights
One of the most effective ways of denying viruses access to your machines is by preventing casual use of administrator rights on your client and server machines. Most poorly implemented networks do not limit user rights to the network, and every logon to every Windows machine is done under the administrator logon, or an account with administrator privileges. If that user then clicks on a virus infected email attachment, or visits a web page that attempts to install virus program, the virus will run and install itself. Net Therapy networks are not set up like this. The administrator account is a protected account, its password known only by Net Therapy staff, and key staff at the practice. The administrator account is only used to install legitimate software, and change network and system configurations. Everyday use is done under normal, less privileged accounts, that are allowed to use the system, and run the programs on the system, but are not able to install programs or change configurations.
Internet Explorer and Outlook settings
Two of the most common routes for viruses to enter the system are through Outlook or Outlook Express, and through Internet Explorer. Using network enforced security settings, we can prevent unsafe attachments and unsafe websites from installing rogue software onto your computers.
System updates
As already discussed, keeping Windows up to date, especially with the critical updates will help to keep your systems stable and secure.