Conficker C computer worm
This is a worm variant that is starting to make its way throughout the internet. It is expected to hit on April 1st. Business Knowledge Systems recommends that all users make sure that all their virus definitions are updated and that all Windows Updates have been applied. Microsoft released a patch for this virus on October 23, 2008. If you have run the latest Microsoft updates later than October you should be protected. We recommend that you connect to the Windows Update website and run the express updates to make sure you have all the security updates. Also verify that your virus definitions are updated to the latest standard as well. Below are some links with information about the Conficker Worm
- Microsoft website with information about the virus – https://support.microsoft.com/en-us/help/962007/virus-alert-about-the-win32-conficker-worm
- Second Microsoft TechNet website with more technical information about the worm. http://technet.microsoft.com/en-us/security/dd452420.aspx
- Mcafee Threat labs information – https://kc.mcafee.com/corporate/index?page=content&id=KB60909
- Most importantly a link to Microsoft’s Windows Update website – http://windowsupdate.microsoft.com/
If you are not sure if your network is protected please feel free to call us at anytime at 630.357.8385. Also please feel free to forward this information along. If you are a current client of Business Knowledge Systems under a standard routine maintenance plan we are actively checking each network to make sure they are fully protected from this worm.
Information Security and Corporate Computer Usage Policies
Author: Chad R. Holstead of Business Knowledge Systems
Many small business owners are so focused on the day to day operations of their office and business that many times the corporate policies and IT policies never get written or communicated to the employees. This is a very dangerous situation for the small business owner. In this article we are going to document what standard policies should be created, why they should be created, and how to make sure they are properly conveyed to the employee.
1. What are IT policies and what should be discussed in these policies?
An IT policy is a written document that will describe the basic use of computers and software as well as the information that is provided through these devices. Two standard policies that most small businesses should have in their corporate policy manual are an Information Technology usage policy and Information Technology security policy. The usage policy dictates how employees are allowed to use their computer. (IE…. Computers are to be used for business reasons only not personal) Information security policy dictates who has access to what data. (IE… What forms should be filled out to ask for access to the HR database, and who is to approve that access)
2. Why do you need these policies
These policies should be implemented to protect the business and the business owner from numerous issues. The first issue is production. If employees are spending time on Facebook.com they are most likely not working on their job and therefore costing the business money. If employees are reminded of the corporate policy on Internet use most often this trend will change. Also it protects the business from lawsuits. In the event that a coworker was using the internet for things that may be offensive to someone else in the office a standard policy will help protect the business from a lawsuit. As for the security policy this is designed to block access to information that employees do not need to do their job. For example Bill in shipping should not have access to payroll. This policy also protects the intellectual property rights of the business. Documents and data created or gathered for the business are the property of the business and a good security policy will document that.
3. Conveying / Enforcing IT policies to your office
All policies are in fact useless unless they have been conveyed to all the employees. These policies should be part of the standard corporate policy manual that each employee reviews when they are hired. The employee should be made to sign a document stating that they have received the policy manual and have read and understand the information provided within. (This is something that any good HR manager will tell you). These policies are only good if they are enforced as well. Many times small business owners can very easily email policies to the entire office to remind everyone that these policies are enforceable. One way these policies can save the business owner money is on Virus cleanup. If it is determined that an employee received a virus because he or she was not using the computer for business reasons the employee may be required to pay for the cleanup. (This is a very harsh example, but it proves the point on how these policies should be invaluable to a small business owner) Many small business owners will choose to ignore these polices for the “We trust our employees” attitude. This is fine but it sets a dangerous precedent that could harm the business later if an employee inadvertently does something harmful or dangerous. Such as forwarding a joke via email that someone else may find offensive. The sender may have thought nothing of it but the person receiving the email may have grounds for a lawsuit against the business. If these policies have always been enforced the business would have the precedent and the policy to back itself in court. IT policies are for every business. These policies should be well documented and conveyed to the employees and staff. Each business will be different as to how and what is enforced, however without any policy there is nothing that can be enforced.
Employee Guidebooks –
Why They are Important for your Business
Author: Gene Wilson of Pantheos
Employee guidebooks are widely used by employers as an efficient way to communicate basic information to employees about company policies and the employment relationship. Certain policies included in an employee guidebook are required by law or provide legal protections to the employer. Other policies in the employee guidebook provide information to the employee about the company, employee benefits, and what is expected of the employee, including workplace conduct, timekeeping, attendance, information security policies, and other important issues. A properly drafted employee guidebook can be a valuable communication tool provided employers take steps to avoid the legal problems that can arise when the guidebook is not properly drafted. Many employee guidebooks are riddled with mistakes that increase employer liability and make it harder for businesses to operate. Here are three of the biggest mistakes:
1) Inadvertently creating contractual rights to employment . In Illinois, the employment relationship is “at will,” which means a company can terminate an employee for any lawful reason without notice. This “at will” presumption, however, can be altered by a poorly drafted guidebook which inadvertently guarantees employees certain rights. 2) Inaccurately classifying employees as exempt. Under the Fair Labor Standards Act, employers are not required to pay exempt employees overtime pay, while nonexempt employees are required by law to receive overtime compensation. There are certain categories of employees that companies are not required to pay overtime. An analysis of an employee’s job duties is required to determine whether an employee is exempt or nonexempt. Employers often misclassify employees and assume that because an employee is paid on a salary basis that there is no need to pay overtime pay. 3) Neglecting to detail procedures for reporting and addressing harassment. Most employers recognize the need to have a policy to protect against illegal discrimination and harassment. Many employers, however, neglect to include procedures for reporting harassment or discrimination. Employers may also need to revise policies to deal with the increased reliance on technology, such as email, internet usage and office monitoring. Employers should add clear and precise provisions to deal with these technologies that can be abused and misused by employees. Here are some tips:
- Specify each type of equipment that will be subject to monitoring, i.e. email, voicemail, internet access systems, hard drives, laptops, PDAs and cell phones.
- Include an acknowledgement form in your guidebook so that employees understand the monitoring policy and consent to each form of monitoring.
- Add provisions requiring employees to use only hands-free cell phones, PDAs or other devices while driving on company time or on route to conduct company business. Although not considered a legal requirement, this provision is essential in reducing the risk of car accidents.
If you are considering the implementation of your first employee guidebook or updating one that is years old, seek out professional advice and counsel. Seeking professional advice will ensure that your employee guidebook details all the necessary provisions, reflects any new labor regulations, and avoids the numerous mistakes employers routinely make. About PANTHEOS Group. PANTHEOS Group provides a variety of professional employer services, including Human Resources, Payroll, Risk and Safety and Benefits. The development of customized employee guidebooks for your business is a key part of their comprehensive list of services. Headquartered in Burr Ridge, IL, PANTHEOS is ready to be your Guardian, Partner and Champion.
Two New Service Offerings
Business Knowledge Systems is proud to announce the creation of two new service offerings. Through strategic hiring and growth BKS has been able to create a full I.T. Due Diligence practice devoted to the growth and security of the investment community. BKS also has added a full Managed Services Practice that will concentrate on providing secure 24×7 services to small and midsized business.To learn more click on the following links
- I.T. Due Diligence
- I.T. Managed Services
BKS also offers Online Data Backup
- Online Data Backup