First Annual Hunger and Homelessness Awareness Week Slated
2010 Year-End Audit and Tax Planning Tips for Low-Income Housing Tax Credit Partnerships

Practical IT Security - 10 Tips for Success


Information technology most likely plays a large role in the day to day operations of your property. There are several steps you and your employees can take to safeguard the electronic information of your properties.

A great article was recently written by David Hammarberg, our Director of IT. Dave’s article was recently published on our McKonomics blog, but here is a repost of the entire article.

The world of information technology has a great many facets. There are a variety of considerations relative to security, software, applications, operating systems, and other areas. However, regardless of the technology you're using, there are foundational areas that must be considered for any computing environment. These are the basics of security; these are the 10 tips for success.

1. Passwords

Passwords are vital to securing any access. A password is like a key or combination lock, the more complex the combination, the better a lock will be. Each password should be unique to the device, website, or asset you want to protect. What could happen if someone knew your password?  What-if scenarios will help you to decide how strong you want to make your password.

2. Antivirus and Malware

You do not want to have to have these on your computer. Period. What could go wrong if your computer was infected? How much time would you lose? When it comes to malware, prevention is far better than dealing with the problem after the fact. Install trusted antivirus software, run periodic scans, and train employees on web surfing and e-mail habits so you can help to prevent this problem from happening.

3. System Patching

Over time, operating systems' vulnerabilities are identified and if you do not patch your system, then your system will become more and more vulnerable over time. By applying patches as needed, you reduce the risk you have to these vulnerabilities. These are usually free and far easier to apply than the security breach is to fix.

4. Logical and User Access

User access is all about giving someone access and control to data and processes. The question you should ask is: do you want the wrong people to have access?  It is far easier to ensure users have the correct access before it is a problem than to deal with the aftermath of a security violation. Have a policy in place to review user access and review user rights for powerful users annually.

5. Automate Your Security

Computers are cool and will work for you without sleep for days on end. Setting up systems to monitor your technology and notify you of high risk security violations will help you to prevent and respond to any problems as they happen or before they happen. It can be as easy as setting up a policy, tracking items centrally, and configuring notifications for IT staff. The first step is to decide what to monitor.

6. Portable Media

In the world today, technology continues to get smaller and smaller. More and more data can be stored on devices ranging from hard drives the size of your thumb to cell phones to laptops. Securing data on these types of devices includes educating users on what and how to store data, as well as how to secure the device itself. A lost cell phone or laptop can be lost time, lost customers, and a turn into a security concern as well as possible government fines. Encryption, passwords, antivirus, and remote wipe capability are all possible solutions to this risk.

7. Laptop Security

While we just mentioned portable media, laptops are worth mentioning again. Given how much a laptop is used, what we save to it, and how its loss could significantly impact one's life, it bears repeating: protect your laptop!  Encrypt the hard drive, use passwords, lock it to your desk at work, or your bed in your hotel room. Don't leave it in your car!  While these little things may seem time consuming, imagine how much time and effort you will invest if your laptop is stolen.

8. Backups

With the price of storage as low as ever, making copies of data is cheap and easy with today's technology. It is important to decide what data to backup, the frequency of the backup (e.g. daily, weekly, monthly), and how long to keep your copies. It can be as easy as it sounds, and having a backup copy is far better than trying to recreate all the data you lost or going without.

9. Get Training

Knowledge does one of two things over time: it either becomes fuzzy (e.g. we forget) or it changes (e.g. we no longer think madness is caused by the moon). Reminders are good for everyone at every level to help us reincorporate different priorities appropriately and act accordingly. It is better to be reminded and not need the reminder; you can't use information you don't have. As such, annual IT training to review high risks (e.g. antivirus, email habits) is a good thing and helps enforce your company's focus on security by spending time with employees. Common sense can be taught, but it requires some class time.

10. Plan

Planning should be the first step in addressing your IT risks, but discussing the risks (items #1 through 9) helps to lay the ground work for what the plan ought to include. Study after study shows that proper planning will help to ensure you meet your objectives and waste less time doing so.

Take the time to review what you want to achieve with information technology, and what risks you want to avoid so you can know how to best act. Your right action will bring right results, and more importantly, peace of mind, as well.

To learn more about steps you can take to secure your IT environment, we have a checklist available. Contact David Hammarberg at, IT Director with McKonly & Asbury, for the checklist or with any questions you may have.


Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)