• Prospective Students
• Alumni
• Business & Industry
• Visitors

• Apply Now »
  • Undergraduate
  • Graduate

• Center for Professional Development
• Information Technology & Management
• Industrial Technology & Management
• Professional Learning

Information Technology and Management » Resources » ITM Faculty and Student Papers » On Broadband Internet? Protect your PC! »

How to teach employees to protect their passwords

This article was a TechLink feature in the September 20, 2004 issue of The Business Ledger.

Rate this paper at SecurityDocs.com: 5 - Perfect 4 - Good 3 - Average 2 - Mediocre 1 - Bad

By Ray Trygstad

If you are a small business owner, a telecommuter, or just someone who uses your PC at home to do work now and then, you probably do it on some form of broadband Internet access, such as DSL or a cable modem. Whether you are aware of it or not, your broadband-connected PC is the target of constant attacks of all kinds. If you have not taken the proper steps to protect your system, you probably will find that it will eventually become sluggish & non-responsive, and in worst-case scenarios your data and passwords could be stolen or your PC could crash catastrophically. There are quite a range of things that should be done to protect your Windows PC, but four are critical. These critical tasks include updating your operating system constantly; using an Internet firewall; ensuring you have up-to-date antivirus protection; and blocking and eliminating spyware.

A good starting point is to ensure that you are running the most recent version of Microsoft Windows that your computer will support. I’m no big fan of Microsoft myself but they are the market leader, and while it may be painful to fork over a few hard-earned dollars to buy a new version of something you got for “free” when you bought your PC, it is really one of the best steps you can take to make you computer more secure. Let’s face it, if you are using your PC for business you need a business operating system, and Windows 98 or Windows ME are not that. (If the best you can run is Windows 95, you really are in need of a new PC.) So start by upgrading your system to Windows 2000 or Windows XP; you can check to see if your system meets minimum requirements for Windows 2000 at http://www.microsoft.com/windows2000/professional/evaluation/sysreqs/default.asp or for Windows XP at http://www.microsoft.com/windowsxp/home/evaluation/sysreqs.mspx (you can’t buy Windows 2000 in stores anymore but it’s readily available on E-Bay and other sites).

Ray Trygstad is the Assistant Director for Information Technology of Illinois Institute of Technology's Rice Campus in Wheaton. As an officer in the U.S. Navy, he was an Information Systems Security Manager and had the opportunity to create an information system security program from the ground up. He teaches information system security management, operating systems and virtualization, and information technology management in IIT's Information Technology & Management Degree Program

Once you are running Windows 2000 or Windows XP, you need to ensure your system is set to update your operating system. The primary reason that the bad guys out there can mess with you computer is because there are “vulnerabilities”. With the millions of lines of programming code in a modern operating system, it is almost inevitable that there will be unidentified flaws that can be exploited once they have been identified. As each of these vulnerabilities is discovered, Microsoft issues patches or upgrades to correct the flaw. If each of these patches is applied in a timely manner, many of the worst consequences can be avoided. Both the Sasser worm and the Blaster virus—both of which had an enormous impact on business—could have been stopped dead in their tracks had everyone installed the current patches, as both of them exploited vulnerabilities that had already been identified and had a corrective patch issued. To get all of the current updates and to enable automatic updating of your operating system, visit http://v4.windowsupdate.microsoft.com/ in Internet Explorer.

If you use a computer in a work environment with full IT support, odds are extremely good that you are behind the protection of an Internet firewall. But if you’re a small business with no IT support or are running a PC at home, you probably lack this critical protection component. A firewall filters out unwanted traffic and blocks attempts to interfere with or take over your PC. If you have a home or small office network, you may have a router which has a firewall. If so, take the time to read the documentation and enable the firewall. If your PC connects directly to the Internet, you need a personal firewall. The good news is that one is built into Windows XP; you can visit http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx for full details to make sure you are protected. If you are running Windows 2000 or your protection needs are a little more complex, for home use you can get Kerio Personal Firewall for free at http://www.kerio.com/kpf_download.html.

Up-to-date anti-virus protection seems like a no-brainer, but it’s amazing how many people don’t renew their update subscription or ensure auto-update is enable in their anti-virus software. McAfee VirusScan or Norton Anti-Virus are the most popular, but there are also good offerings from Sophos and Computer Associates. If you are using any one of these, ensure that your online updating is enabled and is scheduled to occur daily. And if you really have trouble with the few dollars a year it takes to keep your anti-virus software current, there are two very good anti-virus products with full updates that are free for personal use: AVG Free at http://free.grisoft.com/ and AntiVir Personal Edition at http://www.free-av.com/.

The next step is a little more complex but is really critical. Increasingly, Web sites you visit may download software to your computer and run it without your knowledge or permission. Much of this software is called “spyware”. Most spyware is somewhat benign although it still compromises your privacy by reporting on your Web browsing habits. Some is far more evil, and can take over the configuration of your Web browser, pass along your passwords and even take over your computer. One way to avoid many of these problems is to run a Web browser other than Internet Explorer. Firefox, the latest outgrowth of the once-popular Netscape browser, is free and very capable; you can find it at http://www.mozilla.org/firefox/. If you need to run Internet Explorer, you should install some anti-spyware software. Don’t be taken in by allof the pop-up ads offering to sell you this type of product; sometimes the best things in life ARE free, and this is one of them. Spybot Search & Destroy at http://www.safer-networking.org/ and Ad-Aware Personal at http://www.lavasoftusa.com/software/adaware/ are both free for personal use and effectively locate and eliminate spyware and prevent its installation on your PC. Many run both products.

You can get more on Micrtosoft’s take on protecting your PC at http://www.microsoft.com/athome/security/protect/. These critical steps can prevent a great deal of headaches down the road and keep youp your PC running safely at optimal efficiency.

---

Illinois Institute of Technology is a private, Ph.D.-granting university.
Document Last Updated by Ray Trygstad
Copyright 2004 Illinois Institute of Technology