«

»

Sep 05

Your Top 10 Security Steps to Protect Your Data, Part 8


7. Install, run, and upgrade anti-virus software


Because most computers have Internet access, they are vulnerable to viruses being transmitted through email attachments. Make sure all employees run anti-virus checking software regularly, and that they are aware of typical virus warning signs. Employees should scan all files before copying or downloading them to their computer, and they should never open unsolicited attachments, even if they’re from someone they know.
Discourage the use of company computers for any personal business, and items like pictures, music files, and so forth. Also discourage any dowloading of software into the system, which can often carry adware or malware.

8. Test your security measures
It is important to test all scenarios to make sure user accounts are working as expected with all sharing technologies.
For example:
•Open the file using different user accounts and test each privilege set that you create. Make sure the restrictions work as planned, and make any needed corrections to your privilege sets.
•Test navigation and scripts with all user accounts. Because accounts might have different privileges, consider that access to some features, like layouts, tables, and script steps might not work for all users.
•If users are accessing your databases a variety of ways, for example, on the web with Instant Web Publishing, XML, or another internet programming language, test accounts from those technologies as well.
•If you’re publishing files on the web, open scripts and enable web compatibility settings to ensure that all steps are supported. If your scripts contain steps that are not web-compatible, there should be a set of script steps you can take to determine how subsequent steps are handled.
•Test for unexpected results. For example, open files with different user accounts, and attempt to perform actions that users are not authorized to perform. Consider removing access to privilege sets where possible.
•Recruit other trustworthy developers to try to access your data inappropriately.
•Run tests periodically, not just during development, but after deployment as well, on a regular basis to make sure there are no holes or gaps in your system.

Leave a Reply