Computer Security 101 - Part 1 - Introduction

I have worked professionally in the computer industry for almost 20 years now. Throughout this career I have found employment within a plethora of differing companies, as both a W2 employee and contractor. Whether the company was large, medium or small in size, housed hundreds of servers or none, possessed an IT staff to rival Microsoft or none at all, and regardless of the industry, one thing has remained a constant; computer security has been lacking across one or more areas.

Lack of knowledge, lack of funding, lack of training and, pitifully enough, lack of caring are the culprits for this. As Information Systems go further into the 21st century, these culprits are starting to dwindle, but are far from gone. Almost all companies have heard of the need for some level of computer security or another by now, yet still the systems tend to be piecemealed together, assuming they exist at all. I blame this on a lack of knowledge and understanding by the IT professionals, as well as a lack of readily available information on the various security subjects.

Just about every IT person knows you should have a firewall for your Internet connection, even most home users know this; but few of those know how to set it up correctly. This even pertains to many security specialists. Once again, a lack of knowledge and understanding.

"But Andrew," you say, "security systems are expensive. Security training is even more so. We just don't have the budget for this." To which I say, "Yes. Yes you do." Aside from the obvious, "You can not afford NOT to invest in security" (gotta love double negatives), computer security does not have to be expensive, nor should it be.

There are only two things you need to purchase to maintain a good level of security on your computers (aside from the necessities like the computer itself) and those are a good desktop antivirus program (hence forth called client A/V) and a firewall or router. Odds are you have those already or they can be placed in any budget without a second glance. The rest of it is all just best practices (those annoying things everyone talks about, but no one ever says what they are).

That is what I will be covering in this series of blog entries, computer security best practices. It costs nothing upfront but a little time, and saves tons of time on the back-end, while also saving money in the short and long run through reduced break/fix costs, consulting fees, loss of reputation, lawsuits, regulatory fines, etc, etc, etc. For less than 20 minutes per week, you too can have rock-solid abs, umm, I mean a secure network. Best of all, I'm going to give you all that information for free in simple terms that even I can understand. So stay tuned for Part 2 - Passwords.