Safer Office Management
When we talk about safer office management we are talking about the
creation of habits. Office management habits can useful or harmful. To
develop good office management habits, it helps to understand the
reasoning behind them. We �ve put together lists of habits that can help
you manage your information in a safer manner � but only if you choose
to develop the habits and think about why they are important.
What is most important for privacy and security in office management?
" Being conscious of your information and who has access to it
" Developing safe habits and using them consistently
" Using the tools properly
Administration
Many organizations have a system administrator or some individual who
has administrative privileges over email, computers on the network and
installation of new software. This way, if someone leaves the
organization or is unavailable for any reason, the administrator can
access the individual �s information and business can continue
uninterrupted. Also, this ensures that someone is responsible to ensure
the software on the system is clean and from a reputable source.
The problem is that some organizations consider this role one of merely
a technical support and allow a third party contractor to hold
administrative privileges. This administrator has effective control
over all information in the organization, so that individual must be
absolutely trustworthy. Some organizations make the administrator a
shared role, between the head of the organization and another trusted
individual.
Some organizations choose to collect PGP private keys and passwords,
encrypt them and then store them securely and remotely with another
trusted organization. This prevents against problems if individuals
forget their password or lose their private key. However, the location
where the files are kept must be absolutely secure and trustworthy, and
specific and extensive protocols must be created relating to accessing
the files.
The rules:
1. NEVER give administrative privileges to a third party contractor.
Not only is the third party less trustworthy than people within the
organization, but also someone outside of the office may be difficult
to reach in emergency situations.
2. Only the most trustworthy individuals should have administrative privileges.
3. You must determine how much information will be accessible by the
administrator � access to all computers, computer passphrases, login
passphrases, PGP keys and passphrases, etc.
4. If you choose to store copies of passphrases and PGP private keys
with another organization, you must develop protocols for access.
5. If an individual leaves the organization, his or her individual
passphrases and access codes should be changed immediately.
6. If someone with administrative privileges leaves the organization,
all passphrases and access codes should be changed immediately.
Software Administration
" Using pirated software can leave an organization vulnerable to what
we call the �software police �. Officials can crack down on an
organization for using illegal software, imposing huge fines and
effectively shutting them down. The organization gets little sympathy
or support from Western media because this is not seen as an attack on
a human rights NGO; it is seen as an attack on piracy. Be extremely
careful about your software licenses and do not allow software to be
randomly copied by anyone in the office.
" Pirated software may also be insecure because it may contain viruses.
Always use an anti-virus utility whenever software is being installed.
" An administrator should have control over whether new software can be
installed to ensure it is checked before installation. Do not allow
installation of potentially insecure software, and only install
software within the office that is necessary.
" Install the most recent security patches for all software used,
especially Microsoft Office, Microsoft Internet Explorer and Netscape.
The biggest threat to security lies within software and hardware
delivered with known vulnerabilities.
" Better yet, consider switching to Open Source software, which doesn �t
rely on the �Security through Obscurity � model, but rather welcomes
security experts and hackers alike to rigorously test all code.
" Using Open Source software and any software other than Microsoft has
the added benefit of making you less vulnerable to standard viruses and
non-specific hackers. Fewer viruses are created for linux or Macintosh
operating systems because most people use Windows. Outlook is the most
popular email program so it is the most popular target for hackers.
Email Habits
Email encryption should become a habit and it is easier to remember to
encrypt everything than to have a policy of when email should be
encrypted and when it should not. Remember, if email is always
encrypted, then anyone watching your traffic will never know when your
communications become more significant and delicate. Here are a few
other important points:
" Always save encrypted email in encrypted form. You can always decrypt
it again but, if someone gains access to your computer, it is just as
vulnerable as if it had never been encrypted.
" Be persistent with everyone with whom you send encrypted email to
make sure they do not decrypt it and forward it or reply to it without
bothering to encrypt it. Individual laziness is the biggest threat to
your communications.
" You might wish to create a few safe email accounts for people in the
field that are not used generally and so do not get picked up by spam
servers. These addresses should be checked consistently but not used
except for these remote people. This way you can destroy email
addresses that are getting a lot of spam without endangering your
contact base.