By: Randy Johnston, Shareholder, K2 Enterprises
Blog Series: Avoiding Infection—Understanding the Your Protective Software (Post 2 of 4)
Security threats change regularly. Team members don’t recall what to do. To remind everyone of the appropriate strategies, schedule annual security training for your organization. The importance of compliance with your firm’s policies, steps to prevent infection, recovery methods, and other techniques can be reviewed. Well thought out security training helps everyone understand the issues. Investing time in training can reduce the risk of a catastrophic loss of resources due to an infection.
We recommend covering at least the following topics:
1) Name the product being used: It is important for team members to know if your firm has GFI VIPRE Antivirus, Trend Micro, AVG, Sophos, etc. Train on the basics of specific products to familiarize the end users with the protection provided by their company, such as:
a) “Here is the Icon for VIPRE Antivirus. See it in the Windows® tray?” (VIPRE is just an example – different products may be in use in your firm)
b) Note the color of the icon has meaning. Blue indicates that protection is on, active and up to date. Green indicates a scan in progress. Yellow and red mean there is a problem with the program and you need to contact your IT support team immediately.
c) If you do not have an icon, contact your IT support team immediately.
2) Explain how your firm’s AV protection works: Explain what the firm has purchased and installed:
a) Email gateway antivirus
b) Exchange antivirus
c) Firewall based antivirus
d) Desktop antivirus
e) Products to help protect our computer network from email threats.
f) You need to point out that this protection only works if it is enabled, up-to-date, and employees follow these basic principles:
i) Don’t click links in emails without determining where they go first
ii) Don’t open attachments unless you know the document’s source and were expecting to receive it
iii) The proper way to close pop ups (ALT F4) that may appear while surfing the web
iv) When in doubt, don’t open a file or click through a link
3) Ensure your AV is operating and current on your desktop at all times: AV is only as good as the most current signature file. Vendors frequently release updates to protect from known threats in the world and these change hourly, worldwide. Often, it can be several days or even weeks before some vendors have updated definitions (the file that allows identification of the viruses) to protect from the newest threats. It is not unusual for it to be several days, and on a couple of occasions, several weeks before the vendor releases specific definition protection for the new variant. Since different AV products have different signatures, some IT teams and providers will recommend different products be installed on your firewalls and desktops to provide more protection. Sometimes these products will conflict with each other and cause problems of their own.
Randolph P. (Randy) Johnston, MCS has been a top rated speaker in the technology industry for over 30 years. He was inducted into the Accounting Hall of Fame in 2011. He was selected as a Top 25 Thought Leader in Accounting from 2011-2014. His influence throughout the accounting industry is highlighted once again this year by being a recipient of the 2013 Accounting Today Top 100 Most Influential People in Accounting award for the tenth consecutive year. Among his many other awards he holds the honor of being one of nine technology stars in the U.S. by Accounting Technology Magazine. Randy writes a monthly column for The CPA Practice Advisor, articles for the Journal of Accountancy, and creates articles for both accounting and technology publications, as well as being the author of numerous books. He has started and owns multiple businesses including K2 Enterprises in Hammond, Louisiana and Network Management Group, Inc. in Hutchinson, Kansas. In 2010, NMGI announced their national support of CPA firms. His wife and four children enjoy many experiences together including theatre, music, travel, golf, skiing, snorkeling and model trains. His experience as a college instructor, management and technology consultant, and advisor to the industry will be obvious to you in today’s presentation.