Sunday, September 05, 2004
Review of Microsoft's security advice for small business
Microsoft has published a 50-page guide to computer security for small businesses.
They wrote it for the same kind of people that The Security Mentor is meant to serve. The guide is not particularly technical and explains almost all the technical terms it uses.
The guide covers several useful subjects:
- What kind of threats are out there
- Practical examples of what's happened to other small businesses
- A sidebar about how to hire a consultant
- A sample small business security policy
- A quiz to give you a rough idea how well protected you are now
- A 10-step program for improving security
Most of the advice applies no matter where you get your software. Every now and then they write as though Microsoft were the only software in the world -- for example, one question is whether you're running the most recent version of Microsoft Internet Explorer. They also recommend looking for a consultant with some certifications specific to Microsoft products. I recommend looking for a consultant who can point you to best-of-breed solutions regardless of whether they're from Microsoft.
There are some strange omissions. Two of the biggest threats to your information security are the telephone and the trash can. The guide doesn't even have the word "shredder" in it, and doesn't cover training your staff about what information to give out over the phone.
It's worth reading. You'll find out things you wouldn't have thought of, and you'll be in a better position to communicate with a security consultant or to try doing it yourself.