[COMMENT: A church in Connecticut was invaded by its bishop, who wanted
to take over, hacked his way into their computer, and stole its
contents. You can protect yourself with the following (not completely
infallible, but generally adequate) procedures -- at least probably
against your local bishop, most of whom do not betray large amounts of
intelligence today. E. Fox]
Circulated but not written by David W. Virtue
Here are a few tips that any parish can implement to secure their IT
systems from physical attack:
1. Upgrade from Windows 95/98/ME to Windows 2000 or Windows XP
immediately. Do not wait. There is no way to secure the earlier
Windows environment. None.
2. Immediately convert to the NT File System (NTFS). Earlier
versions of Windows used DOS's FAT system which is easily
breached. NTFS cannot be hijacked because of its inherent
security features.
3. Deploy the full range of passwords on your systems: POWER-ON and
HARD DISK passwords at the CMOS level; LOG-ON, SCREENSAVER and
NETWORK passwords at the operating system level. The former will
render the computer inaccessible and effectively dead-on-arrival
to any thief. The latter will guard against intrusion for systems
that are attacked during the business day. CMOS passwords are so
effective that replacement of the motherboard and hard drive is
necessary if the passwords are lost. [Actually that last sentence is
not true, but don't tell your bishop. E. Fox]
4. Enforce a strict password policy and accept no violations. The
consensus today is that an 8-character password using letters,
numbers and perhaps punctuation will thwart even determined
attacks. Change passwords frequently, once per quarter, as a
defense against spying. Under no circumstances allow users to post
their passwords on 3M Post-it notes!
5. Encrypt sensitive files using NTFS. This will ensure only the
authorized user of that particular machine can view the file. If
the hard drive is stolen and its power-on password is cracked, the
file will still be unreadable even by data recovery specialists.
6. Log off all workstations each night and consider turning them off
completely to prevent unauthorized access.
7. Do not use wireless "Wi-Fi" access technology. If you already
employ Wi-Fi, then learn how to configure its security features
and restrict access to the specific IP addresses of authorized
users. Out of the box, few 802.11 systems use strong security and
they are easily leveraged by hackers. Don't be one of their victims.
8. Make secure, off-site backups of your most valuable data. DVDs
are an inexpensive means, while numerous firms offer secure
network-based backup and retention services for a fee.
All physical security measures discussed above apply to your
backup data, too.
These eight steps will prevent even determined professionals from
accessing or stealing your data. Remember: the true value of your
investment in IT is not the hardware, it is the information stored in it.
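One way to confirm that the policy in step 4 is actually enforced on a Windows 2000/XP machine, rather than only written down, is to audit the output of `net accounts`. This is an added example, not part of the circulated tips; the sample output is constructed, and the 90-day limit is an assumed reading of "once-per-quarter".

```python
import re

# Thresholds from step 4; 90 days is an assumed reading of "once-per-quarter".
MIN_LENGTH = 8
MAX_AGE_DAYS = 90

# Constructed sample of `net accounts` output, not captured from a real machine.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              6
Length of password history maintained:                None
Lockout threshold:                                    Never
Computer role:                                        WORKSTATION
The command completed successfully.
"""

def parse_net_accounts(text):
    """Return {label: value} for each 'label:    value' line of the output."""
    settings = {}
    for line in text.splitlines():
        # A label ends at the first colon followed by padding and a value.
        match = re.match(r"^(.*?):\s{2,}(\S.*)$", line)
        if match:
            settings[match.group(1).strip()] = match.group(2).strip()
    return settings

def to_int(value):
    """Numeric setting, or None for 'Unlimited', 'None' or a missing line."""
    return int(value) if value.isdigit() else None

def audit(text):
    """Return a list of findings; an empty list means step 4 is enforced."""
    settings = parse_net_accounts(text)
    findings = []
    raw_len = settings.get("Minimum password length", "not reported")
    length = to_int(raw_len)
    if length is None or length < MIN_LENGTH:
        findings.append("minimum password length is %s, want >= %d" % (raw_len, MIN_LENGTH))
    raw_age = settings.get("Maximum password age (days)", "not reported")
    age = to_int(raw_age)
    if age is None or age > MAX_AGE_DAYS:
        findings.append("maximum password age is %s, want <= %d days" % (raw_age, MAX_AGE_DAYS))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NET_ACCOUNTS):
        print("FAIL:", finding)
```

On the machine being checked, feed the function the captured output of `net accounts`; running `net accounts /minpwlen:8 /maxpwage:90` sets both values.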