PC’s come optimized for marketing, but certainly not security. There is more junk on a new PC that they are trying to sell you, but about as secure a teenager on the first day of middle school.

The 12 Secrets of SMB Security

Secret #5: Remove Unused Software and User Accounts; Clean Out Everything on Replaced Equipment

Cost: Minimal – No additional investment

Technology skill level: Low to medium

Participants: Technical support

Computer systems come with a host of pre-installed, pre-activated software that can be manipulated to attack your network. The installation process is designed more for ease than security. Thus, mostly functions which may cause a security risk are also activated such as remote file sharing. The best way to prevent such an attack is by disabling or removing all unused software from the computer.

Business system administrators are best suited to decide what software should be installed. Every computer user should have a unique account so that his access to the data and software is limited to what they require to do their job. It is also important to ensure that the invalid user accounts be deleted regularly to prevent system attacks. Similarly, the access to specific software should be allowed per user id based on their current job functions and it should be kept up to date based on changing user roles.

A lot of confidential information is stored onto disk drives. Generally, whenever information is deleted, this information somehow remains undeleted and may be retrieved later. Similarly a lot of information gets stored in the temporary files which we may not be able to view easily. As the disk drive may fall into the wrong hands, thereby causing a huge loss to your business, it is better to prevent confidential and sensitive data from leaking out. To do so you must overwrite the complete hard drives and floppy disks with useless data when discarding them or selling it.

One wonders why something which is not troubling the user should be removed. Well the answer is simple. Each unused user account and software is just an easy entry into your system for the attacker. It allows the attacker easy access and he will be able to can take confidential information such as information about your credit cards and customer names and can easily damage and destroy files and programs. Attackers can also use your systems as a base to attack others, and these victims can sue you if their losses are high. If an infected email is sent from your computer leading to the infection of other computer it may become a problem for both parties.

Like we manage our money with caution, we need to do the same with computer access. This is because any loss of data or information is as bad as losing money. As was illustrated earlier with the example of an ex-employee using his former email access to gain a competitive advantage, leaving unused user accounts to remain on the system or network may be detrimental.

To prevent such an event:

• Remove accounts for terminated employees when they leave. When firing someone, do not allow them any computer access before notifying them and arrange for a monitor while they are on the premises.
• Establish a policy that software which is not needed should not be installed on company computers (i.e. games, free download software, music players, etc.).
• Establish a process for removing data on all computers hard drives when equipment is repurposed, discarded, donated, and sold. Use a utility program to remove all information by overwriting all available disk space.

Additional Steps

Uninstall software and archive data files that are no longer used. The less useless information on the system the easier it will be to manage backups and keep software on the system at a current update level. While it may be convenient, it is very risky to rely on vendor defaults for your system. Default functions are attractive targets for attackers –the likelihood of availability is high since most installers will choose the default. Reduce your visibility as a target by explicitly selecting only the computer functions you need at installation. If you do not know what a function is, check the help information and make sure it is something you need before turning it on. A little time in the beginning can save you from major trouble later.

Here is a real life example of how a disgruntled former employee may cost you valuable business.

Small Telecom Consulting Firm Loses Business When Security Breach is Made Known to Prospective Clients

A telecommunications-consulting firm with 8-10 employees reached a business agreement with a security consultant for joint work. To confirm, the security consultant sent a letter to the president of the company via e-mail. The president never got the letter.

Instead, the consultant received a note back with his original e-mail saying; “Don’t do business with this company. We are a government organization made up of DEA and FBI agents. This email has been sent to you confidentially. If you disclose any of this information we will prosecute you.” Since the consultant was in the security field, he easily determined the warning was bogus and contacted the State Attorney General’s Office and the FBI.

The consultant also terminated his agreement with the telecommunications firm, which threatened to sue him, a threat that never materialized. It turned out the bogus e-mail was from a disgruntled former employee who had built the company’s e-mail server. Before leaving the company, the former employee arranged to have all e-mails to the president of the company forwarded directly to him. He has not been prosecuted.

Thanks so much for taking the time to read Part 7 of 15 in the “The 12 Secrets of SMB Security” series. Please feel free to contact CopiaTECH with any questions about anything you read or your small or medium-sized business and cyber security.

Please continue on to Part 8 in the series, “The bad guys are not just on the internet”.