Security and the Internet

3. Software Control

3.1 Any software from outside your system can create a security risk.

• The software itself may have security weaknesses. For example, a hacker may be able to decipher the password which has been used to protect a word-processing file.
• The software may create security weaknesses in your system. For example, software which allows external dial-in access to your network.
• The software may be infected with a virus.

3.2 Control software installation.

• Ensure that only designated employees install software.
• Do not install unnecessary software. For example, free plug-ins which allow web-browsers to read audio and video files (unless you need them).
• Computer games, particularly free downloads from the Internet, are a major source of viruses and other problems.

3.3 Control software configuration.

• The way software is set up affects security. For example, you can set up Microsoft Word to check documents for macros before opening them.
• Where possible, configure software when it is installed, and do not let employees make changes to it. Secure configuration of Internet access software is essential (see 5.2).

3.4 Regularly check for software updates.

• Major software suppliers issue patches to fix identified security weaknesses and other problems in their software.