What you can do to manage network security

Install and update antivirus software
Antivirus software is easy to install and, once running, it constantly checks to prevent infections that could damage or destroy your data across your network. But know that hackers constantly write new viruses and that your antivirus software is effective only if it knows how to find the latest threats. So when you install antivirus software, set it to automatically download updates to catch new viruses. If you bought a new PC that includes antivirus software for a trial period, sign-up when the free period expires to continue getting updates—or invest in another product.

Use software update tools
Software companies like Microsoft have free tools you can use to update your software so it's more secure. For instance, it only requires a few mouse clicks to set Windows XP or Windows Small Business Server to use the Automatic Updates feature. This tool allows Windows to go online automatically to look for and install the latest updates to squelch security threats. Once you turn on Automatic Updates, it requires no further effort on your part. The software will update itself. The Microsoft Office System also has an automatic updating tool.

Install spyware protection
Install and regularly update anti-spyware software, which looks for secretive programs that try to collect your passwords and account numbers. Microsoft has a free Windows AntiSpyware program and a Malicious Software Removal Tool you can use to rid your PCs of unwanted software.

Install a software firewall
A firewall examines data passing into your network and discards it when it fails to meet certain criteria. Software firewalls, such as the Windows Firewall built into Windows XP Professional, protect only the computer they are running on, but provide a good back-up defense to hardware firewalls. It's easy to turn on the Windows Firewall.

Install spam filtering software
Spam is unsolicited commercial e-mail that infiltrates inboxes and can force employees to waste time sorting it. While primarily a nuisance, junk e-mail does carry a risk when it contains attachments that, if opened, could release a virus. Also, some spam falls into the category of "phishing," or tricking recipients into giving away passwords and other valuable information that could put a business at risk. Installing a spam filtering product, or configuring built-in Outlook 2003 junk e-mail filters, can help to significantly reduce spam.

Restrict equipment access
You can improve security by restricting physical access to your servers and networking equipment such as routers and switches. If possible, move these machines into a locked room and help to ensure that only those designated to work on the equipment have keys. This minimizes the chance that someone unqualified can tamper with your server or try to fix a problem.

Set permission levels
You can assign users different permission levels on a network using Microsoft Windows Small Business Server 2003. Rather than giving all users Administrator access, give individual users access to specific programs only and define user privileges to be enabled when the user accesses the server. For example, you can grant permission to some users to read certain files stored on the server but not to change them. Only your network administrators should be able to access all your system files and services.

Remove network access for former employees
Eliminate the ability of former employees to log on to your network. It is easy to delete their access and user privileges. But if you wait too long, you might give disgruntled ex-employees an opportunity to damage or steal files.

Monitor application installations
Establish a policy for approving and restricting what applications get installed on desktops. Many applications carry spyware and other malicious coding that can disrupt the overall use of desktops and might even affect your network. Having a policy in place that requires approval of all new application and software installations helps to ensure that desktops will perform efficiently in a controlled environment.

Create an e-mail and Internet usage policy
A recent study reported that 6 percent of all e-mail messages are infected with viruses or other programs that can damage your computers. Create an organization-wide Internet usage policy that includes instructions to employees to not open e-mail attachments they do not expect. The policy should also address risky online activities and forbid practices such as downloading free utilities and other programs from the Web. Instruct employees not to share passwords and account information if they receive an e-mail message asking for them.

Require employees to use strong passwords
Passwords that are easy to guess can enable unauthorized people to gain access to your network. To prevent this, your security policy should require that passwords contain both letters and numbers. And, while passwords should be changed regularly, avoid requiring employees to change them too often. (If employees struggle to remember their passwords, they might write them down and post them on their monitors, making it easy for others to break into your computer system.)

Install a perimeter firewall
While a software firewall protects the PC it is installed on, a perimeter firewall is a hardware device that plugs into and protects your entire computer network. One notable feature: It enables you to close down network ports. Because network ports enable communications between client computers and servers, you can strengthen your network security and thwart unauthorized access by closing unused ports. This step is more difficult to implement, and you might want an expert to help set up your firewall functions correctly.

Set up a Virtual Private Network
Linking offsite users to your organization's network over the Internet enables them to check e-mail messages and access shared files. A Virtual Private Network (VPN) enables you to do this more securely. However, there's a significant security risk any time you make your network accessible to outsiders. You might want to bring in a security consultant because getting a VPN working properly can be tricky.

Configure wireless security features
Anyone within radio range of a wireless network has the potential to listen in or transmit data on the network. If you plan to use wireless networking, bring in an IT professional to help ensure that security features are activated and that wireless encryption and access control features are properly configured.

Create back-up and restore procedures
This task can be as simple as burning a CD with your data files on it, and then storing it in a safe place. The Windows XP operating system includes a tool to back up and restore data to your PC. However, you might want to look at a more sophisticated solution. If you need your data to be available at all times, you should work with an IT expert who can add hardware to your system that builds in redundancy, making duplicate copies of files on a different hard drive every time you save them. This way, if one hard drive dies, the back-up system can step in and keep your data flowing. You should back up files at least weekly and practice restoring data periodically just to verify that you can.

Configure database security
If you have a database that stores procurement, inventory, compliance, or other types of critical information for line-of-business applications, hire or contract with IT professionals to help ensure that this information is well protected. For instance, a database expert can shield Microsoft SQL Server from most Internet-based security risks by only allowing authorized users to connect to the database. They can also create back-up systems to restore your data if it is lost.