How to Protect Your Computer and Church Information

Discuss the feature articles on the LDS Tech Home Page.
User avatar
McDanielCA
Member
Posts: 490
Joined: Wed Jul 18, 2007 3:38 pm
Location: Salt Lake City, Utah

How to Protect Your Computer and Church Information

Postby McDanielCA » Tue Aug 25, 2009 1:13 pm

How to Protect Your Computer and Church Information was originally posted on the main page of LDSTech. It was written by Adam Wisden.

------------------------------------------

As a Technical Support Representative (TSR), I have seen a major increase in the amount of support requests related to spyware, malware, adware, or a regular virus. The Information and Communications System department (ICS) takes great care to protect computers and data from malicious and illegal activities. The Church has gone to great lengths to implement firewalls, antivirus software, intrusion detection systems, and so on.


That said, you can include certain daily practices to help mitigate the possibility of your computer being compromised.


I will discuss four habits that would make our computer environments safer at work and home.

Installing Software Carefully

Often we find ourselves installing programs that help us perform a function in our job but that are not provided by our organization or department. This includes freeware such as alternative Web browsers and FTP clients. Many open source and freeware software companies partner together to promote each other’s products. While one program is installed, by default another program such as Google’s or Yahoo’s Web toolbars may be installed. You must manually remove the check mark at the proper point in the installation in order to not have this software installed. By inadvertently installing software on our computers we open ourselves up to other problems such as slow performance problems and adware, spyware, or even malware. This can potentially be a very serious problem and increases unnecessary calls for support.


If you need to install a program, make sure that you read each screen carefully and know exactly what you are installing. If you have any doubt, please contact your support group.

Avoiding Risky Web Sites

Have you ever gone to a Web site that you are not familiar with while looking for something specific and ended up getting more than you bargained for? Maybe you were attacked by a million pop-up windows with annoying advertisements, or worse, inappropriate material. Have you ever gone to a Web site and shortly after found that you had a virus? This happens every day. You have been a victim of a drive-by installation of malware.


There is not a 100% solution to prevent this from happening to you while surfing the Internet; however, you can use a few techniques to reduce the risk of ending up at Web sites like this:

  1. When you manually type an address into your browser, make sure you type it correctly. Many sites have the same name but a different domain, such as www.providentliving.org and www.providentliving.com. One is a Church owned site, and the other is a commercial site.
  2. If you use a search engine to look for something, try to be as specific as possible. Before you click a link that looks like a match, read the Web address and the brief explanation to make sure it is relevant. If you don’t recognize the address or it sounds suspicious, don’t go to it. It is better to be safe than sorry.
  3. Ask coworkers or friends to refer you to a Web site. Chances are someone close to you has already researched that subject and knows where to go.
Monitoring E-mail

Many viruses are spread through the use of e-mail. Many e-mail virus authors are master marketers. They use subject lines that many of us can’t resist looking into. Some use love, money, or other things that pique our interest enough to open the message and unknowingly launch a small program that infects our computer. It can sometimes automatically spread itself by going through our address books and sending itself to everyone in it. This type of virus is called a worm and has wreaked havoc in many homes, businesses, and institutions around the world.


A good rule of thumb to follow is “if it sounds too good to be true, it probably is.” Trust your instincts. If you get that feeling that something about an e-mail message doesn’t feel right, don’t open it. Just delete it. You should be leery even if it is from a friend or family member. They may have been infected and unaware that the virus is sending itself to you. You can call or send an e-mail message to the sender to verify that the message was intentionally sent to you.


The biggest red flag comes when you get an e-mail message with an attachment from someone you are not familiar with. Delete this message. By following these precautions you will greatly reduce the opportunity ill-willed people have to infect and compromise your computer.

Locking Your Workstation

This scenario might sound familiar. You have been working on a task for most of the morning, and you are five minutes late for your lunch appointment. You finish up the last phone call and rush off to meet your friends for Chinese food. When you get back to work you find your computer turned off and a note on your monitor asking you to see your manager. While you were at lunch, someone sat down at your computer and attempted to access some inappropriate material on the Internet. The Web content filtering software caught it and saw a pattern of several attempts to different blacklisted sites in a period of a couple of minutes. An e-mail message was automatically sent to IT and management notifying them of the attempted breach in corporate security policy. When someone arrived at your desk, they found your computer unlocked and no one there. Your manager has some serious concerns.


Even though you are not the one that viewed those sites, you can still be held accountable for what happens on your computer. While this scenario might not happen every day, it does happen. It might not be an inappropriate site; instead it may be someone using your network credentials to access sensitive or confidential files from your computer. All of this could have been prevented if you had simply locked your workstation before you left for lunch. Always lock your workstation when your computer is not in your direct line of site.

Summary

We all have a responsibility to protect ourselves and others. Follow these simple steps to do your part in keeping information secure at work and at home.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Tue Aug 25, 2009 7:48 pm

I am sorry to appear negative, but I just could not resist.
McDanielCA wrote:The Information and Communications System department (ICS) takes great care to protect computers and data from malicious and illegal activities. The Church has gone to great lengths to implement firewalls, antivirus software...
The credibility of a statement like this goes down when the Policies and Guidlines for Computers Used by Clerks for Church Record Keeping, August 18, 2009, state this: (bold added for emphasis)
The stake technology specialist is responsible for installing (quarterly) the latest security and antivirus software updates on all computers in the stake.
Symantec, the company that provides the antivirus software the administrative computers use, sees the threat great enough to publish definition updates three times a day to keep ahead of the threat. With the number of units connecting administrative computers to the Internet going up each week and the lack of an auto update for the antivirus software places those systems at considerable risk with such outdated definition files.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

lajackson
Community Moderators
Posts: 6139
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Postby lajackson » Tue Aug 25, 2009 7:52 pm

jdlessley wrote:I am sorry to appear negative, but I just could not resist.


I was amused by some of the same thoughts. I restrained myself by concluding that the author of the article was probably speaking in terms of the computers at Church headquarters, in a corporate-like environment, and not in terms of the computers in the clerks office at Church that any young man could use to . . . whoops. They aren't supposed to be able to get in there, are they? [grin]

russellhltn
Community Administrator
Posts: 20762
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Tue Aug 25, 2009 8:11 pm

Don't forget disabling Automatic Updates on Desktop 5.5, all users having Windows Administrator privileges, .....
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Tue Aug 25, 2009 8:20 pm

lajackson wrote:I was amused by some of the same thoughts. I restrained myself by concluding that the author of the article was probably speaking in terms of the computers at Church headquarters, in a corporate-like environment, and not in terms of the computers in the clerks office at Church...
I was trying real hard to believe he was only talking about headquarters also but the title kept convincing me otherwise. As did this statement:
McDanielCA wrote:That said, Church computer users can include certain daily practices to help mitigate the possibility of your computer being compromised.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

awisden-p40
Church Employee
Church Employee
Posts: 5
Joined: Tue Jan 23, 2007 11:08 am
Location: The land Bountiful

Postby awisden-p40 » Wed Aug 26, 2009 1:41 pm

Thank you for the comments. It is a good opportunity to clarify and address the field. The church's communications infrastructure is very unique in that here at headquarters we have paid employees who are trained and in their respective fields to support both headquarters and the field, however, since we are located in Salt Lake, we rely upon individuals who have been given an assignment or a calling as a Stake or Ward Computer Specialist. These people are not paid, and cannot be forced or managed as to how, when, or if, they do their job. Think of it like home teaching. Every month we are admonished to get out and do our home teaching, and every month the numbers stay about the same. Some companions sometimes go, others never, go, and others go every month. It is unfortunately hit and miss. I can tell you that we are constantly evaluating our current technology and the efficiency of it. Within the last year we have rolled out MS-Office 2007, switched from Novell Groupwise to MS-Exchange email systems. We are now in the process of switching from Norton Antivirus, to Sophos, which has a smaller footprint, is less expensive, more responsive, and easier to update. We have found that often when we install Sophos, it automatically detects viruses that Norton missed. Sophos updates daily instead of weekly and the updates are a fraction of what Symantec was. There are many new and improved technologies that have been implemented and that are forthcoming. The person sitting at the computer usually doesn't even know about most of the work and technology that has been put in place in order to protect the computers and the church. We aren't perfect yet, and neither is technology, but we are striving each day to be better. Please be patient and understanding with us, and maybe if you find yourself in the calling of Stake or Ward technology specialist, you will have a greater appreciation for being timely and responsive to updates and helping us resolve issues that you are seeing out in the field.

awisden-p40
Church Employee
Church Employee
Posts: 5
Joined: Tue Jan 23, 2007 11:08 am
Location: The land Bountiful

Postby awisden-p40 » Thu Aug 27, 2009 2:00 pm

Thank you for the comments. It is a good opportunity to clarify and address the field. The church's communications infrastructure is very unique in that here at headquarters we have paid employees who are trained and in their respective fields to support both headquarters and the field, however, since we are located in Salt Lake, we rely upon individuals who have been given an assignment or a calling as a Stake or Ward Computer Specialist. These people are not paid, and cannot be forced or managed as to how, when, or if, they do their job. It is unfortunately hit and miss. I can tell you that we are constantly evaluating our current technology and the efficiency of it. Within the last year we have rolled out MS-Office 2007, switched from Novell Groupwise to MS-Exchange email systems. We are now in the process of switching from Norton Antivirus, to Sophos, which has a smaller footprint, is less expensive, more responsive, and easier to update. We have found that often when we install Sophos, it automatically detects viruses that Norton missed. Sophos updates daily instead of weekly and the updates are a fraction of what Symantec was. There are many new and improved technologies that have been implemented and that are forthcoming. The person sitting at the computer usually doesn't even know about most of the work and technology that has been put in place in order to protect the computers and the church. We aren't perfect yet, and neither is technology, but we are striving each day to be better. Please be patient and understanding with us, and maybe if you find yourself in the calling of Stake or Ward technology specialist, you will have a greater appreciation for being timely and responsive to updates and helping us resolve issues that you are seeing out in the field.

russellhltn
Community Administrator
Posts: 20762
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Thu Aug 27, 2009 6:23 pm

awisden wrote:Sophos updates daily instead of weekly


SAV has always updated daily for me at work and my customer's sties. Not sure why why it behaved that way for the church.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
jltware
Member
Posts: 68
Joined: Sun Feb 03, 2008 12:24 am
Location: Australia

Postby jltware » Sun Aug 30, 2009 12:53 am

awisden, I'm a little confused. I haven't seen any transition from norton to sophos. I certainly haven't seen Office 2007 become available. We got new computers only a little over a year ago, and they were all the old setup. Are these programs available worldwide, or only in a restricted trial area?

I also find it amusing the implication that it is the ward and stake technology specialists that are the link letting the team down, when the original replies pointed out very clearly that the shortcoming is that the automatic update functions of both windows and symantec have been disabled and steps taken to prevent them being reenabled locally. Three monthly updates being made available for a manual update is hardly a serious approach to online security in this day and age, especially when the software we already have licenses to provides for fully automated updates if we just did nothing and allowed it to work according to its default settings. How is that the technology specialist's fault? I'll be the first to admit there is a huge amount of variation in the technical abilities of people in those callings, but it shouldn't matter as the infrastructure already exists in windows, symantec and landesk to push out any updates to any computer in the world fully automatically. It simply isn't being used by headquarters at the moment, and that is by far the weakest link in the security chain in my opinion.

If there is a way for us to switch away from the rather dated symantec security suite (or to install Office 2007), could you please fill us in on the details, because I for one would love to push this out to every computer in the stake.

russellhltn
Community Administrator
Posts: 20762
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sun Aug 30, 2009 1:14 am

jltware wrote:awisden, I'm a little confused. I haven't seen any transition from norton to sophos. I certainly haven't seen Office 2007 become available. We got new computers only a little over a year ago, and they were all the old setup. Are these programs available worldwide, or only in a restricted trial area?


I suspect he's not separating employee workstations from unit workstations. Certainly CHQ has changed over from Groupwise to Exchange, so that makes sense.

Computers in an official FHC have/are changing over from Symantec to Sophos. There's been hints that the same will happen to Administrative computers, but so far I've seen no procedure or instructions for doing so.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.


Return to “LDSTech Featured Article Discussions”

Who is online

Users browsing this forum: No registered users and 1 guest