Putting Your PCs In Lockdown Mode
That sensitive information in your computers—not only about your club operations, but also your members—is under assault as never before. Here are steps to take to improve data protection and ensure your network's integrity.
by Jamie L. Scheppers (editor@clubandresortbusiness.com)
January 2006
Or maybe the wakeup call came when you, or some of your members, were among the millions receiving letters last month from companies like Marriott, Ford, Sam’s Club, and ABN Amro Mortgage Group—all of which had to notify employees and customers that computers or tapes loaded with personal data had been lost or stolen.
More likely, you already knew, because of your own business acumen or repeated inquiries or reminders from Board members or staffers, that your club’s increasing dependence on computer records and electronic transactions has also increased its vulnerability to letting the wrong information fall into the wrong hands.
This is an especially sensitive subject in the club world, with its high-profile clientele. It’s not something you as a club manager want to take lightly, or hope or pretend will go away or never happen to you. It’s important to take all the steps that are needed to protect yourself, your club and your members, so you don’t find yourself being added to the increasingly bleak statistics.
Handling the Hackers
Information security is a technical field that is ever-evolving, as the “good guys” try to stay one step ahead of—or at least even with—the devious minds that are always inventing new ways to get at sensitive data that doesn’t belong to them.
Luckily, you can protect your club without having to know everything the hackers are up to. There are many products available that will do the work for you, and a lot of them are already included in your computer’s operating system. In these cases, all you have to do is activate the software and make sure you keep it up to date, by installing available upgrades.
But even as you let the software do the work for you, it’s not a bad idea to understand as much as you can about how it works. Here are six things you can do—or should not do—to protect the integrity of both your staff ’s individual computers and your club’s network.
1. Don't Slack on Antivirus Software
These days, antivirus software is virtually impossible to live without, for two reasons: 1) It comes with pretty much every new computer, and 2) Once you’ve been victimized by a virus, you’ll never again be remiss about renewing—and regularly updating—your coverage. But remember, even though this lifesaving software is easy to come by and relatively inexpensive, you have to set it up correctly for it to be able to do its job.
When you purchase a new computer, the antivirus program is usually pre-installed and can be activated for a year of protection. When that initial period runs out, you’ll be asked to renew, for a modest fee. This fee is worth paying, as it not only gives you the best possible protection against the latest and most virulent strains of computer viruses, but also helps support the software programmers’ ongoing efforts to keep the database of known viruses continually updated.
Most antivirus software will automatically download and install updates as they become available. You should activate this feature along with your operating system’s automatic update utility. After all, the fewer things on your mind, the better. And while you’re at it, don’t forget to set up a schedule of automatic, full-system scans. These can take a while, so it’s best to schedule them for the wee hours of the morning (make sure to leave computers on overnight when they’re scheduled). Once a week should be enough to help you sleep better.
2. Don't Be Gullible
By now, we’ve all learned to recognize e-mail scams and downloads of questionable origin, right? Wrong. Sometimes viruses lurk in attachments supposedly sent from people or organizations that we know. Viruses often spread themselves be sending copies to every e-mail address stored on an infected computer.
One way to prevent unwittingly infecting a computer—or worse, an entire network—is to simply take the time, before you open a suspicious file, to contact the sender and ask what it is. If it’s a virus, your quick call or e-mail will give them a heads-up that they’ve been infected. Besides, it may give you a reason to have some novel personal interaction with business associates, members/clients, or old friends.
If an e-mail appears to be from a reputable company, but asks you to click on a link or provide information in order to “complete an order” or “update your account information,” don’t take the bait. This trick is called “phishing,” and is an especially heinous means of stealing someone’s personal information. Some phishing schemes even masquerade as “secure” and “encrypted” sites, to increase the likelihood that you’ll blindly enter your personal information.
It may seem overly paranoid, but you should also avoid clicking on any links in e-mails. If you want to visit a Web site, take time to copy and paste, or type the URL, into your browser’s address bar yourself. Even if a link appears to be the same as what you would type in, it’s still possible that it’s actually a cover for another, more harmful link.
Also, when surfing the Internet, be especially wary of Web sites that ask you to “download this plug-in to properly view the site.” Many times these are legit, such as with Acrobat Reader—but if the site isn’t well-known and trusted, go with your gut, and click onward to a more reputable site.
3. Shaking Spam
On one level, spam is simply an annoyance. But it can also be a source of low productivity, if you and your staff have to continually weed through hundreds of junk e-mails to get to the "good" ones. And if the hassle weren't enough, spam is infamous for spreading viruses. Even if you carefully guard your e-mail address and never use it for online "free registration" requests, you'll start getting spam eventually. It's a fact of life in the digital age: If you have an e-mail account, it will get spammed.
You can protect yourself, though. Many Internet service providers (ISPs) offer some level of free spam protection. This may or may not be enough to block everything, but it will do its best to at least filter unwanted messages into a separate folder. The level of filtration depends on the settings you choose, and today's spam filters are much more sophisticated than earlier versions, making the chances that valid e-mails will be marked as spam smaller than ever before.
Still, it's a good practice to set aside a minute or two each day to browse through your e-mail program's spam or junk folder before deleting its contents. Every once in a while, messages you might actually want will slip through. The most likely candidates are those massmailed from services you've signed up for, such as newsletters. Once you've identified these addresses, you can manually add them to a list of approved senders—which, by default, also includes any entries in your address book.
Another step you can take is limiting how your e-mail address appears on public Web sites. Some spammers have software that "trolls" the Internet looking for anything fitting the "something@something.com" format. This might not be practical for your club, though; after all, it's considered good customer service for your members to be able to easily contact you through as many means as possible. So that means you might not want to remove e-mail addresses from your club's online staff listing. Instead, make sure you are using your ISP's anti-spam protection, or similar protection from a third-party vendor. This is a good topic to consult with your Web programmer about. 4. Beware Spyware
Spyware is similar to spam; it’s something unwanted that gets onto your system. Spyware, like some viruses, is software that exploits your system for the benefit of the program developer. This can mean using your machine to send spam, or it could mean that the program collects your personal data and sends it to the software creator—all without your knowledge.
Spyware usually finds its way onto computers when “freeware” or “shareware” programs are downloaded. It’s embedded in the legitimate software, often to help the developer make money off what’s been given away. In such a case, the spyware or “adware” might be a means of displaying banner ads on your machine.
Just as spam can be a drain on personal productivity, spyware can slow computers’ performance. If you notice a computer running slower than usual, or taking a long time to load Web pages or start up or shut down, you might have a spyware problem. Other signs can include extra icons or toolbars you didn’t knowingly download or install, unexplained credit card charges, or increased spam volume. In all cases, running a reputable spyware detection and removal program regularly is again the best preventative measure.
5. Firewalls Are Your Friend
Erecting and maintaining “firewalls” is perhaps your most important step in protecting both individual computers and entire club networks from unauthorized outside access, and hiding those networks and PCs from would-be hackers. Firewalls now come as both hardware and software. The hardware is a device that plugs in between your PC and your modem, and the software is installed on your computer, much as you would any other software application.
There are many pros and cons to consider when choosing which type of firewall to install. Hardware models don’t manage outgoing traffic, so there’s nothing to prevent spyware from broadcasting your information to the masses. Software versions, though, can slow system performance, because they run off the same processor and RAM all other applications are vying for. And they can also be disabled by malicious viruses.
Once you’ve settled on the type of firewall to use, you can pretty much just install it and forget about it. Some filters will track activity, and most are useful in blocking adult Web sites or any others that you feel the need to restrict. Just be sure that only authorized staff members have access to change the firewall settings. If anyone can temporarily deactivate the firewall, there’s really no purpose in setting up these features. And don’t get wrapped up in the idea that it’s too “Big Brother”-ish to block certain Web sites or certain types of downloads. The type of site you would consider blocking is also the type of site most likely to harbor viruses or spyware.
6. Back Up Everything
Operating systems usually come with some sort of system or file recovery utility. Antivirus software also often comes with additional system utilities designed to help “rescue” deleted files. But does that mean you can rest easy, knowing your data is safe? Hardly. If anything is saved on your computer that you would miss if it were to suddenly become unavailable, then you need to back up your system. Clubs and resorts, as businesses, can’t afford to lose all their files.
A virus can wipe out all or part of a hard drive, as can a physical incident such as a flood or fire. And sometimes, hard drives can fail with no warning, and for no apparent reason. You really need to have backup copies of every valuable file, as well as a means of reinstalling any software that is lost or corrupted. Power surges and blackouts can also be harmful, so surge protectors and uninterrupted power supplies are necessary physical backup measures.
You might feel comfortable with a weekly backup, but daily backup is recommended for businesses.You can save information to a rotating tape system, where the information is removed to an offsite location for safe storage if something were to happen to not only the computer, but also the clubhouse. There are also online systems that can accomplish basically the same thing. Many options exist, but it’s important to fully research your options as far as reliability, your risk-acceptance profile, and your budget. Some methods may seem too expensive—but suffer through one crashed hard drive or file-destroying virus, and you’ll vow never to slack off on backup again. C&RB
To comment about this story, suggest topics you'd like to see covered in future issues of C&RB, or just ask a question, contact editor@clubandresortbusiness.com
Summing It Up
• Increasing dependence on computer records and electronic transactions has also increased clubs’ vulnerability to having information fall into the wrong hands. Data security is an especially sensitive subject in the club world, with its high-profile clientele.
• Many products already included in your computer’s operating system will do much of the protective work for you—as long as you make sure to activate the software and keep it up to date by installing available upgrades.
• Automatic, full-system scans, conducted after hours at least once a week, still offer the best “macro” protection against all possible system breaches.
• Be sure only authorized staff members can change firewall settings.
Be the first to comment on this article.
Post a commentCopyright © 2008 Harbor Communications 1991 Crocker Rd. Suite 200 Westlate, OH 44145. Tel: (440) 250-1583; Fax: (440) 250-1583
