
Businessweek Archives

Putting a Computer Security Policy in Place

A friend of mine setting up an online printing operation e-mailed me a few weeks ago to ask for advice on setting up formal computer security policies to keep his business safe from intrusion. We went back and forth on the obvious ones—keep antivirus subscriptions current; enable a properly configured firewall; block access to the darker parts of the Internet.

The more we e-mailed, the clearer it became to both of us that it’s a real predicament for startups that do business on the Internet to ever be safe from hacker attacks. The nature of Web-based threats, drive-by malware downloads, and clever social engineering attacks makes it nearly impossible to be fully secure. Having acknowledged that, we narrowed down some must-do items that could help to minimize exposure to risk.

Invest in anti-malware protection and make sure signature databases are current. When evaluating security software, ask about approaches to "whitelisting" (application control), "behavior blocking," and the use of "herd-intelligence."

Stay on top of high-priority patches for Web server and desktop software programs. Be vigilant about software that gets installed on employee computers and stay away from programs without auto-update mechanisms. Pay special attention to patching known vulnerabilities in applications that are constant hacker targets. Some examples include Adobe PDF, Adobe Flash Player, Apple QuickTime, RealPlayer, and WinZip.

Diversify browser usage and make it a policy for employees to use certain browsers for certain sensitive transactions. Microsoft’s Internet Explorer, a popular target for hackers, should be avoided for high-value transactions.

Adopt strong password policies. A strong password should be between 8 and 20 characters and must combine random upper- and lower-case letters, numbers and symbols. The longer and more complex your password is, the harder it is to crack using dictionary-based hacking tools.

Shut off all unnecessary network services and block employees from using targeted social networks like Facebook and MySpace. Hackers prey on the trusted nature of these networks to trick users into installing malware on endpoints. If certain employees don’t need Internet access, don’t provide it.

Be rigid about controlling orphaned accounts. Have a workable system in place to deal with employees leaving the company and make sure that e-mail accounts and access to sensitive parts of the network are promptly shut off.

Ryan Naraine

Security Evangelist

Kaspersky Lab, Americas

Woburn, Mass.
