Protect Your Business IT Assets

Protect Your Business IT Assets

This article addresses two problem areas that are of particular concern to business owners and operators: old computers and software updates.

Protecting customers’ sensitive information is one of the most important things your business can do. If customers can’t trust you to protect its interests, they will look elsewhere to spend their dollars. Technology advances at such a rate that it is hard to keep up with IT security best-practice. But keep up we must.
 

Why you should care about how you dispose of old computers

If the cars parked outside their home garage and the revenue stream of storage companies suggest anything, it’s that we have a hard time knowing what to do with old stuff. Who knows when we might want to recover grandmother’s old couch? It might be worth something; it’s too big to move and there is no convenient way to dispose of it.

For some reason, we have no such angst when it’s time to replace a computer. There are plenty of charitable organizations who will be only too happy to take your old computer off your hands.

However, your old computer is far more valuable to your personal security than the old couch. You should never dispose of or donate a computer having its hard drive intact.

Just because you think it has little value doesn’t mean it actually has little value or that it won’t be used against you. Security expert Brian Krebs writes that “nearly every aspect of a hacked [or donated] computer and user’s online life can be and has been commoditized. If it has value and can be resold, you can be sure there is a service or product offered in the cybercriminal underground to monetize it.”

In the parlance of information security professionals, computer storage contains up to eight threat “vectors” or points at which your personal information could be stolen or used inappropriately. The bad guys would love to hack your computer so they could:

  • make it a web server for all sorts of really bad things (child porn, spam site, etc.)
  • execute email attacks using your cached personal or work email account; steal “virtual goods” such as online gaming assets, operating system license key, etc.;
  • hijack your reputation or personal ID using stored credentials (Facebook, LinkedIn, Twitter, Google, et al.);
  • collect account credentials (eBay, Amazon, Netflix, corporate servers, signed certificates);
  • use financial credentials to enrich themselves (bank account data, stock trade information, etc.)
  • disrupt internet operations via bot activity to guess account login passwords and user IDs;
  • seize control of important accounts or threaten public disclosure of secrets (hostage attacks)

Better to think defensively than to assume you will somehow escape a threat to you and your company. Such defensive thinking will lead you to destroy any hard drive before the computer is donated to charity or recycled.
 

Keep your software up to date to reduce threats. Here’s how.

The biggest threat to your computer’s security is its user. The second biggest threat to your computer’s security, however, comes from the installed operating system and software. The rule of thumb is “if installed, it should be up-to-date.”

Old versions of operating systems, particularly Windows, are known to be widely exploited to deliver up sensitive information. For Windows users, the current version is Windows 10. Mac users are not immune to attacks, the current version is macOS Big Sur. So keep your operating system up-to-date.

The more difficult process is keeping individual software applications current with updated patches and versions. Many programs display notifications when a new version is available. Don't forget your internet browsers. In 2021 alone Microsoft ended support for both Internet Explorer 11 and legacy versions of their Edge browser. Read more here about these changes.

Protect your assets by keeping computer operating systems and software up-to-date and by ensuring information storage is not inadvertently left intact when decommissioning the device(s).