5 Workstation Security Best Practices

Feb 09, 2015

5 Workstation Security Best Practices

BY John DeWolf

Cybersecurity

Hopefully you’ve never experienced the total frustration of dealing with a system infested with malware. It may take hours to detect and remove all of the malware-affected files on a system. Because of this, many IT people prefer a “clean install”, which erases the drive and replaces everything on it. But with a clean install, you’ll lose any information not saved elsewhere. Ugh. This all could have been prevented with proper workstation security.

The following five practices can help prevent possible problems and increase the security of your workstation.

1. Use an active security suite

A security suite should protect your system from viruses, malware, spyware, and network attacks. These days, a product that provides just anti-virus only isn’t enough. Not all malicious programs are viruses. Some programs present themselves as useful, but are spyware. For example, a program that offers to alert you to discounts or deals, but also monitors everything you do online. Your security suite should detect that and disable it.

If you use a company-owned system, your IT folks likely provide a security suite. You should make sure that your security software is running and active. If it isn’t, turn it on and immediately run a full system scan.

2. Update your software

Keep your operating system, security suite, and programs up-to-date. Microsoft releases patches on the second Tuesday of each month. If you update your own system, check then. If an IT professional manages your updates, they may test Microsoft’s patches before they deploy the patch to your system, so there may be a delay.

Many security suite vendors release updates every few hours. Your system should receive and apply those automatically to protect against recently identified threats.

Applications—especially programs that connect to the internet—also offer a way for attackers to access your system. For example, the makers of Java and Flash issue frequent updates to patch problems identified with those applications. If you use an application keep it up-to-date. If you don’t use an application, uninstall it. (Check with your IT team before making any changes!)

3. Leave it? Lock it

Never leave your system logged in and unattended. Never: as in… not in your office at work, not on your desk at home, and not at your favorite local coffeeshop. Never. When you walk out of eyesight of your device, lock it and/or log out. (On most Windows systems, just press Ctrl-Alt-Delete then Enter to lock it. Or, hold down the Windows key and press L.) Configure your system to automatically lock—and logout—after a few minutes if not in use.

4. Don’t share

Unless your IT team specifically tells you otherwise, don’t share your system—with anyone. If you’re the only one to use your system, you can keep it safe. Hand it to Alice in Accounting and she might insert a flash drive filled with malicious files. Loan your system to Bob in Marketing to use for a presentation at a conference…  and he might just present you with an infected file.

When you share a file, share it from the company’s shared file system—in the cloud or on your server. Cloud services actively scan for problems, and your document server likely does, too.

Keep things simple: don’t share your system. Nobody borrows it—ever.

5. Backup your data

Back up data you want to keep. You don’t need to back up your operating system or applications—your IT team should be able replace and update those easily.

But your data isn’t replaceable. That means your email, your documents, images, spreadsheets, presentations, audio and video files—all of it should be backed up.

Any file that matters to you should be backed up. This also includes cloud applications. It’s true, just because you store data in the cloud does NOT mean it’s automatically safe and protected. If your company is storing critical information in a SaaS application (ex. Salesforce), consider implementing a cloud to cloud backup solution.

With a backup, if your system does get infected—or when the hardware finally fails—your data is safe. You get another system, set it up, then start work. A backup can save you the frustration of fighting with a malware infested system.

How well do you perform all five of these practices? What about your colleagues? How well do they perform each of these practices?

Subscribe to the Blog