BIT takes information security seriously
At BIT we value security and availability. That shows in the way we have set up our service and in the mentality of our employees. Information security is part of our DNA as it were. When people think about information security, they usually think about protecting information against people who do not have access to it: the confidentiality aspect. However, there are two more aspects that are just as important: accessibility (is information available when it is needed?) and integrity (is the information reliable and complete?).
ISO/IEC 27001 and NEN 7510
Because we at BIT don't only say what we do, but also do as we say, we have placed an ISO-stamp on our measures for information security. ISO/IEC 27001 is an international standard for information security. This standard focuses on the development, execution, checking and improving of an ISMS (Information Security Management System). An ISMS is a system for managing and controlling information security. It is important that information security is viewed as a process that will always be important within an organisation. The ISMS makes sure that an organisation keeps learning and improving their information security.
All the services BIT provides are ISO/IEC 27001 and NEN 7510 certified. Not only our data center services, but also our networking, e-mail, hosting and management services.
In addition to our ISO/IEC 27001 certification, the full service of BIT is also NEN 7510 certified. The Dutch norm NEN 7510 describes the information security specifically for health care, where availability, integrity and reliability of patient data is crucial.
Your own measures
For clients that manage their own IT-infrastructure, it is important to know which threats exist and how to ward yourself against them. That is why we have listed the most important elements below.
When your computer connects to the internet, it is essential that this computer uses a firewall to keep unwanted traffic out. Virtually all operating systems have a built in firewall, but there are several (free) firewalls that provide more functionality. Make sure that a firewall has been started on your computer and that it is updated periodically.
Viruses can rapidly spread through the internet and can cause significant damage to your computer. That is why it is important to always use a virus scanner and have the scanner updated automatically and periodically with the newest virus definitions. Examples of free virus scanners are AVG and Avast, but there are many more suitable (free) scanners available.
Because many viruses spread via e-mails, we strongly advise people to use the BIT virus scanners.
Spam is a major part of the annoyances found on the internet. With the BIT spam filter, the bulk of your spam can be stopped.
Unfortunately, spam is not always preventable. However, there are a few things you can do to limit the amount of spam you receive:
- Be careful with disclosing your email address. Do not unthinkingly place it on public websites or forums where everyone can find it.
- Do not respond to spam and do not click on the unsubscribe links. These usually only confirm the spam has been received and read.
- File a complaint when you receive spam. For Dutch spam, you can file your complaints on the website spamklacht.nl.
Phishing is a type of internet fraud in which visitors are lured to a website that is similar to the website of, for example, a bank or a provider's webmail. Subsequently the visitor is asked to fill in personal information (like login data or a credit card number).
The best way to protect against phishing is to be critical: ask yourself whether a request is realistic and contact the relevant party when you have doubts. Closely examine the URL in the address bar of your browser and check whether the address begins with 'https'. Check if a lock is shown and when you are unsure, click the icon to see whether the certificate used for the encryption has been issued by a proper issuer.
Almost all recent browsers have adopted blacklists nowadays to warn for phishing sites. Make sure you use a recent browser and enable this function.
Trojans are programs that pretend to be something else (for example a screensaver or a game), but once they have been started up, can be used by others to get control over your computer. Trojans look like viruses, but are not recognised by virus scanners. There are special trojan scanners available that specifically look for and intercept such trojans.
Spyware is software that works on your computer unnoticed and observes what you do with your computer. Information (for example passwords, account numbers and credit card data) is then sent to the maker of the spyware, who can use this information - as a rule - in your disadvantage.
There are several free programs on the market to check Windows PCs for the presence of spyware, for example Ad-Aware and Spywareblaster.
The goal of identity theft is to obtain your personal or corporate data. This may include confidential emails or files, login names and passwords or credit card data. This information is subsequently used by criminals to be able to pose as you. Identity theft can be prevented by being careful about where you put confidential information and by making sure your computer is properly secured.
Wireless networks can be very useful. However, when they are not configurated correctly, they can be a source of problems: third parties can use your network for criminal activities. Make sure your wireless network has a strong protection (WPA). WEP-protection and protection on the basis of a MAC address is relatively easy to circumvent for people with malicious intent. The factsheet of GovCert contains more information and several good tips about securing wireless networks.
Many matters on the internet require a password identification. Make sure that the passwords you use are not easy to guess for others by combining capitals, lower-case letters, numbers and punctuation marks. Use different passwords for different services and change them from time to time.
All operating systems have regular updates and patches. Be sure to install these. Forgetting to update your computer can make it vulnerable for viruses, trojans and other attacks. Many operating systems provide the opportunity to automatically check for updates. Enable this function, so you will be kept up-to-date with the latest changes.
Botnets and zombies
A botnet often is a big group of computers infected with a trojan and, therefore, under the control of a botnetadministrator. This administrator can control these infected computers (called 'zombies') from a distance and use them to send spam or attack other computers. Make sure your computer stays up-to-date and scan it regularly for trojans and viruses.