These days, security is on everyone's mind. Cyberterrorism, viruses, and hackers are more than front-page news — they're top-of-mind business concerns. "So what?" you ask. Your IT department is all over this problem, right? Well, they are — in theory. But there are still things that you can do to make their lives — and yours — a lot easier and safer. Just follow these simple rules, and you'll sleep a whole lot better.
1. Get yourself a copy of your company's corporate security policy.
Read it carefully. Then actually abide by it. It sounds stupid, but be honest: Have you ever read the page in the company handbook on appropriate computer and network usage? According to John Williams, chief technology officer at Preventsys, an Internet-security company that performs audits of corporate networks to identify security breaches, "Knowing what your company's security policies are — and actually complying with them — is the most important thing you can do to protect yourself. People often download things and disable network security without realizing the negative impact that this can have on the entire company."
2. Be smart: Change your password often.
Pick one that's hard to guess. Your password is your first line of defense against hackers (as well as snooping coworkers). You've heard this before, but it's worth repeating: Don't use your birthday. Don't even use a real word. And whatever you do, don't use the word "password." You wouldn't believe how many people do that.
3. Don't download music or video files on the company T-1 line.
We know: Downloading stuff over that fast connection is fun. But we're not raining on your parade just because it's illegal; it's also dangerous for your computer. Popular file-sharing programs such as Kazaa and LimeWire are often clearinghouses for sharing more than the latest Avril Lavigne single. "Kazaa is like a giant flea market in a bad part of town," Williams warns. "People often create a virus and name it like a popular MP3, and then it launches when you download the file. Another really evil program is one called Gator, which is often embedded in shareware files. It causes pop-up ads to appear on your desktop all the time, and whenever you shop online, it logs what you've purchased and then sells that information to marketing companies. You lose all privacy."
4. Don't set up any unauthorized wireless networks.
Wireless is fun. It's incredibly convenient. And companies are very slow about rolling it out across every department. But heading down to Best Buy and then plugging an unauthorized base station into the Ethernet jack in your cubicle is not the answer. "One of our clients suddenly started experiencing rampant problems with hackers. They had viruses all over the place," Williams recalls. "We did a sweep of the network to figure out the problem, using an antenna that finds every access point within a half-mile radius. We found that someone had hidden their own base station in a ceiling panel in order to have wireless access — but it wasn't hooked up to the company security system, so it left the entire network wide open. Next we found a station wagon full of teenagers out in the parking lot using the base station to get on the network and wreak havoc." The moral of the story: Be patient.
5. If you've already done some of the no-no's on this list, talk to your IT department about running a scanning program to clean up your PC.
It's a good idea to do a sweep of your system every so often and clear out the bugs: Think of it as spring-cleaning for your computer. But talk to the IT folks first. They may already have programs available that do this. If not, ask them about running a nifty program called Ad-aware by Lavasoft, a Swedish company. It hunts for marketing spyware, identifies anything that you have unwittingly downloaded, and gets rid of it. Find out more online (www.lavasoftusa.com).
A version of this article appeared in the May 2003 issue of Fast Company magazine.