 |
Home | Search | Browse | About IPO | Staff | Links |
|
Home | Search | Browse | About IPO | Staff | Links |
|
SPECIAL FOCUS Let Policy "Police" Computer Use
Practical, expert advice regarding computer passwords, virus protection, BY JEFF MURPHY The estimated damage done by the "Love Bug" virus ranged from two billion to over 15 billion dollars. Administrators are given a daunting task when asked to manage and control an organization's personal computer systems. According to Dataquest, a leading information technologies research firm, business use of personal computers (PCs) has caused shipments of computers to expand 15 percent in the first quarter of 2000 as compared to the first quarter of 1999. In the first quarter of 2000, more than 29.9 million computers have been shipped worldwide. This growth affects every segment of business. Many more park districts and other recreation organizations are recognizing the value of a computer on every computer user's desk, and are acquiring PCs for use in their own organizations. These powerful, low- price machines with an easy-to-use Windows interface, are permitting organizations to place computers on desks that would not have been possible only a short time ago. Along with an increased number of computers within the organization, the need for connectivity has also increased resulting in local area networks being installed. Client-server networks based on Novell NetWare or Microsoft Windows NT are the most prevalent, but more basic peer-to-peer networks can also be found. These networks provide support for e-mail systems, organization-wide software applications, Internet access, printer sharing, and many other uses. Having a computer on everyone's desk—according to PC manufacturers and software developers—is the direction every progressive organization should be headed. While there are many benefits an organization can receive by connecting people with computers and computer networks, there are also many problems that an organization should watch out for as computer use expands into our organizations. An organization can reduce the problems they may encounter with computers by keeping users aware of some common dangers. It is the organization's task to inform users of the proper and improper use of the computers. Listed here are some common areas that need special attention from the people responsible for the computer networks of any organization. Passwords The computer industry has done a very poor job in educating users of the importance of keeping their passwords to themselves. Every time I install a network, I always give my password speech. The speech reminds users that the password they have been given is theirs, and no one else should know their password. Their password protects information they place on the computer network including word processing docu- 20 / Illinois Parks and Recreation LET POLICY -POLICE" COMPUTER USE ments, spreadsheets, and e-mail. By not protecting their password, it would be easy for another user to log onto the network under a false identity, and send malicious e-mail across the network. The vice president of one of my clients even told me that people in the organization laughed about my speech at lunch following one of my visits to the site. When the vice president's own private correspondence ended up in the wrong hands the laughing ended, and they took password privacy much more seriously. On both Novell NetWare and Microsoft NT Server,, the password is never displayed. A well-setup network would prompt users for a new password the first time they log in, so even network administrators would not know a user's password. If a password is forgotten, the administrator can assign a new password, and have the system prompt for a new password the next time that user logs into the network. Data Protection One important area of protection is a good system for backing up your data. Many organizations already have a good backup procedure in place to protect the data. One area related to data protection that is important is the user's personal documents. It is important that the organization inform the users where they should place their documents in order for them to be backed up in the normal backup procedure. It is common that an end user's local hard drive may not be backed up in the normal backup procedure. It is important for the users to know whether or not the organization will be backing up local hard drive data. If we do not back up this data, then it is important that the end user accept responsibility to backup their own personal documents that they do not store on the network. Additionally, if your organization does not have a daily backup procedure, it is important to implement one. It would be difficult to place a dollar value on the data that is located on your computer network, but the time and effort required to recover lost data is enough reason to spend some time and money to get the required hardware setup to assist with the backup procedure. Backup hardware that would be able to handle up to 40 gigabytes of data can be purchased for less than $1,500. Frequently, backup hardware is shipped with backup and scheduling software that works with the particular equipment purchased. After setup, the only interaction required from a user would be to change the tape, and to check the backup log. Virus Protection Businesses, governments and PCs worldwide were crippled in May 2000 by a computer virus affectionately called the "Love Bug" virus. This virus appeared in a user's e-mail in-box with the subject "I love you."
July/August 2000 ¦ 21 SPECIAL FOCUS
If the user opened the e-mail and attempted to open the attachment, a script program would execute that replicated the virus to all the people the user had in their address book. In addition to the replication, the virus would delete all graphic and sound files on a user's computer. Once the initial strain of the virus had circulated through corporate and private e-mail systems, the virus was relabeled and sent out again. I wish computer users didn't have to worry themselves with things like viruses, but unfortunately we have to be concerned with them. The estimated damage done by the "Love Bug" virus ranged from two billion to over 15 billion dollars. The damage is difficult to measure since the effect on the user is lost productivity in addition to lost graphic and sound files that may be important. The best way to protect your organization is to purchase and install a version of virus protection software. Since the problem of viruses has been so prevalent, many new computers ship with virus software installed. The important action that must be taken is keeping the virus software updated with the current virus list. Many virus software manufacturers allow users to download updates to their software that will protect users from newer viruses. In order to perform this update, a valid license for the virus software is required, and the means by which the download can occur must be provided. For an organization with many computers, the best method may be to standardize a virus software package, then get the updates as needed, and distribute them across the organization. It is important to inform users about a few other steps that can be followed to protect your organization from virus-infected programs. • First, never open attachments to e-mail from an unfamiliar source. • Second, be aware of how viruses operate, and look for telltale signs of a virus. • Lastly, don't download items from unfamiliar Web sites. Internet Use and Safety The Internet is a powerful and exciting resource and tool that is becoming more available every day. There is an incredible amount of information available to users. Even your state and national associations (Illinois Association of Park Districts, Illinois Park and Recreation Association and the National Recreation and Park Association) have gotten on the Web and provide information to their members, and the rest of the world, about the exciting world of recreation. The Internet is valuable for sharing information, research, shopping, checking news, tracking stocks, 22 / Illinois Parks and Recreation LET POLICY "POLICE" COMPUTER USE gaming, and a wealth of other uses. However, the Internet is also something that can easily be abused both by people in your own organization and outside the organization. The Internet is a great diversion. Many organizations are providing easy access to the Internet without a significant reason certain individuals in the organization would need access to the Web. The organization should communicate their reasons why the Internet is provided to users within the organization, and what proper and improper use of the Internet might be. Smart organizations will not provide Internet access to individuals without the user signing an Internet policy document stating that they understand the proper use of the Internet. (See sidebar "Computer Use and E-Mail Policies" on pages 21 and 22.) Software Licenses Recently, the problem of software piracy has become a big concern of software manufacturers. Microsoft is spending a significant sum of money to educate the public concerning this issue. Every time new software is acquired for your organization, the license should be validated and stored in a safe location in the organization. The organization has a responsibility to be sure that all the software used by the organization has a valid license. Many computers are shipped with a valid license for the operating system, so the bigger problem will probably focus on the application software that is used. The organization should be aware of the valid use of the license, and communicate that to the end users. One common misuse of a license is the concept that software can be loaded both at a user's desk at work, and then also copied onto their home computer. Actually, this is a violation of most software licenses. Another licensing concern for an organization is software brought in by an employee and installed on their local hard drive without the organization's knowledge or approval. The best way to prevent license abuse is to purchase software through reputable sources. There are many in the area, and many have municipal government pricing available. The key to having a computer system that continues to be functional and available is communication. The people responsible for the computer systems need to communicate with their users concerning the issues discussed here. There are many creative ways to keep reminding your users about these important issues. Start an e-mail newsletter to your users discussing these issues and other issues important to your park district. Begin a "Computer Tip of the Week" publication, in which you remind users of the importance of safe use of their computers. Include a discussion of these issues in your organization's employee policy manual. These and many other ways will open up important discussion related to computer issues for your organization. JEFF MURPHY is a software developer for Lord & Murphy, Inc. and has been developing software and designing computer systems for park district and municipal governments for more than 12 years, lord & Murphy offers a complete line of software for park districts and municipal governments. Contact Murphy at jmurphy@lordandmurphy.com.
July/August 2000 ¦ 23 |
|
Sam S. Manivong, Illinois Periodicals Online Coordinator |