A strategy that keeps gaining ground is the concept of “white listing” applications. In plain English, this means your computers have a list of programs that are on the “approved” list to run, such as Word, Firefox, Acrobat, Excel, etc.

Then, any other program cannot run. Period. That means virus 1, virus 2, virus 999, etc. is not allowed to run. This solves the whole problem of needing anti-virus. In theory, even if a virus does come into your network through e-mail, web site drive by download, or Ernie in shipping carrying in an infected memory stick, it doesn’t matter. The virus cannot run anyway!

The challenge lies in your IT department being able to keep an organized white list of “approved” programs. When an update to a program arrives, the new update has to be listed too or it will not run.

Many providers are offering solutions including Bit9 Parity and Lumension Application Control and there are constant advancements in making administration even easier.

Yes, some day anti-virus may be old news and never used again.

The IT professionals can use tools like anti-virus, firewalls, application and OS patches, etc. Many IT professionals are not using the tools as effectively as they could, and frequently aren’t using them at all on one or more computers. None of the tools are “set and forget”—all of them have to be monitored.

I feel the executive’s real challenge is, “I don’t know how to help my IT professional fight viruses.”

Responsible executives:

• Provide enough uninterrupted time for the IT professionals so the IT professionals can get their work done.
• Allow ongoing training for the IT professionals to keep up with ever changing technology.
• Hold the IT department accountable for fixing issues discovered during an audit.
• Provide managerial support for policies that support security—such as forcing computer screen savers to lock after a period of inactivity.

That’s why you need to secure your the individual workstations as well as the network. And whether you have three computers or 300, you need to have everyone on a domain model, not workgroup model, with a dedicated server. That will give you a central management point so you can take care of all the machines automatically.

Also realize that your company’s computer network is only as strong as its weakest link. Often I hear in companies that the CEO won’t let anyone from IT touch his or her computer. But if all the other computers in the network are up to date except the CEO’s, your company is still vulnerable. So you have to make sure everyone’s computer, even the CEO’s, is protected.

This is why it is so critical that you understand the importance of securing your network as well as individual workstations, and visa versa. When your IT professional says they want to make your computer safe, let them — that’s what they get paid to do!

What are your thoughts on this topic?