Secure your computers

If malicious software infects your computer equipment it can corrupt your files and can allow others to access your confidential business information.

Having up-to-date security software installed and activated, securing your internet connections and services and understanding and managing the emails and files you do receive or download can help reduce the risks.

Backing-up you data can also help you recover your information if a virus destroys your files, or your computer is stolen or damaged.

A firewall monitors all incoming and outgoing traffic on your computer using a predefined set of rules. A firewall can block information or access requests that do not conform to these rules.

Hardware firewalls

Many computers and other hardware such as routers and modems have built-in firewall capabilities. These firewalls can be effective with little or no configuration.

• For businesses with broadband connections, the dual function modem-router provides connectivity to the internet and the ability to restrict inbound and outbound connections in the same way as a firewall.
• Routers use private address ranges by default for the internal network as an additional security feature which helps protect computers and servers on your business network.

If you have doubts about hardware firewalls on any device in your business, talk to an expert or look up the website of the hardware vendor and do a search for the term 'firewall'. For further information about how to set up the firewall on your broadband router, see the factsheet, Securely configure your broadband router

Software firewalls

Software firewalls can be installed on your computer and can be configured according to your needs. Many software firewalls have user defined controls for setting up safe file and printer sharing and to block unsafe applications from running on your computer. Software firewalls may also incorporate privacy controls and web content filtering.

• Before installing your software firewall check what system resources it will require to run and any incompatibilities with your operating system. A good software firewall will run in the background and use only a small amount of system resources.
• Software firewalls will only protect the computer they are installed on. If your have more than one computer on your home network or connected to the internet you will need to install a software firewall on each one.
• It is important to configure your firewall properly so it can protect your computer. Some firewalls have tutorials that can help you configure your firewall properly. You can also look into the help section in your firewall program.
• It is important to monitor a software firewall once it is installed. Check it is still connected and working correctly and download any updates available from the software vendor.

There is a wide range of firewall software available that provides a good level of protection. Some software is available as 'freeware', i.e. at no cost to home users, although some of these may have fewer functions. For further information on free security software for personal (non-commercial) use see:

Free security software (PDF, 616KB)

Install and use anti-virus and anti-spyware software

Most computers bought in the last few years have trial anti-virus and anti-spyware software already installed on them. There are also many commercial and free products available.

For a list of non-commercial anti-virus and anti-spyware software and more information on protecting you computer, please see:

• Protecting your computer from malicious code
• Free security software (Microsoft Windows XP and Microsoft Windows Vista)

If you have a legitimate Microsoft Windows licence you can install Windows Defender anti-spyware free of charge.

Once you have installed your security software, make sure it is always turned on. When the subscription is due, renew your software or replace it with a similar product.

Scan USB sticks and turn off autorun

You should always be wary of USB sticks, especially those from unfamiliar or untrustworthy sources such as conferences, trade shows, or in promotional packs. These devices may contain malicious software which could cause severe damage to your computer or compromise your personal information. There are a number of cases of this occurring in Australia and overseas, some of which even involved the inadvertent distribution of infected USB sticks by otherwise reputable organisations.

If you must use a USB stick from an unfamiliar source, you should always scan the USB stick for viruses or other malware before accessing any of its content. You should also disable the autorun function, which is commonly enabled on the Microsoft Windows operating system. This will lessen the risk that any malicious software that may be on the USB stick, will automatically start when you connect it to your computer.  

If your business does not use passwords at all, or uses passwords that are easy to guess or easy to crack, then an intruder to your office, or someone who steals a laptop or other mobile device could access your business files and email.

The security of your business relies on all staff using strong passwords. Develop a password protection system for your business. You and your staff should:

• avoid passwords that would be readily identifiable or easy for anyone to guess (such as family names, birth dates)
• create passwords that use:
• a minimum eight characters
• a mix of upper and lower case letters
• at least one numeral, and
• at least one symbol.
• avoid using dictionary or foreign words because hackers have many tools, such as dictionary programs, to assist them. A hacker will launch a dictionary attack by passing every word in a dictionary (which can contain foreign languages as well as the entire English language) to a login program in the hope that it will eventually match the correct password

You should also ensure you staff:

• memorise passwords and do not write down them down or store them in easy to find places or file on or near the computer
• use a completely new password every time they change their password and never reuse old passwords
• never share password with anyone
• never send their password via email
  
  Read more on setting and protecting passwords.

Ensure that any wireless access that you have to your network is secured with encryption. Hackers can use an unsecured wireless connection to access your network, even from outside your building.

If you use a wireless network:

• change the default SSID and administration username and password
• turn off your SSID broadcast
• turn encryption on and use the strongest encryption option available
• restrict access so that only specific computers or devices can access the network
• turn off remote access.
• turn off your wireless connection when you are not using it.
  Read more about securing your wireless network.

• Keep servers, switches and hubs under lock and key.
• Monitor and limit access to server rooms.
• Consider fire and flood risks as well as theft.
• Keep server rooms cool
• Ensure server rooms have redundant power supplies

Server security tips

• Seek expert advice from a trusted supplier.
• Restrict the number of administrator passwords.
• Consider using a hardware firewall for your servers
• For servers running Microsoft operating systems, run Microsoft Baseline Security Analyser for security advice.
• As with desktop PCs, servers need a firewall, regular updates and anti-virus software.
• Don't use a server as an employee's workstation.
• Read server reports, such as security logs, and monitor for changes and irregularities.
• Make sure you have a rapid response maintenance contract for any servers.
• Regularly back up server data and keep back-up data secure and only available to authorised personnel.
• Factor in redundancy in your server set up.