12 Actions U.S. Businesses Should Start Today to Tighten Security

FBI Warns of Cyber-Terrorism Threat

CHICAGO, September 24, 2001—Telenisus Corporation, in response to FBI warnings of cyber terrorism, has issued security recommendations and guidelines for U.S. businesses, including 12 immediate actions that companies can take to help protect themselves.

"We were all shocked and hurt to various degrees by the September 11 terrorist acts. We obviously cannot do anything to reverse what happened, but in some small way perhaps Telenisus can help others avoid being affected by another malicious event--cyber terrorism," said Gordon Reichard Jr., Telenisus president and chief executive officer. "The FBI has issued multiple advisories warning of the increased likelihood of computer attacks, and we hope that our recommendations and guidance will drastically improve the security preparedness of many U.S. businesses."

Telenisus, a managed Internet infrastructure service provider specializing in information security, is making available two documents. The first, "Don’t Wait: 12 Actions You Should Start Today To Tighten Business Security," (below) is a listing of 12 specific actions companies can begin today to make sure their information and systems are secured. The second document, "12 Principles for a Secure Business," focuses on the elements of a long term, comprehensive security program and the questions company executives can ask to ensure their businesses are as protected as possible. Both documents are available online at www.telenisus.com.

Don’t Wait: 12 Actions You Should Start Today To Tighten Business Security

  1. Remove active accounts (phone, e-mail, Internet, voicemail) belonging to former employees and consultants.
  2. Establish a process for human resources to notify the system administrators when employees leave the company.
  3. Review what’s being allowed in through each network connection. If you can’t determine where remote entries are coming from, shut them down.
  4. Review how remote and external users are being authenticated. Where possible, move from weak authentication methods, like password use, to strong methods, like token-based authentication, where small devices provide employees with ever changing passwords.
  5. Make sure all encryption functionalities on your existing software applications are enabled.
  6. Make sure your critical systems have been recently backed-up and that backups are protected at another location.
  7. Review security alerts and vendors’ patch announcements. Know what versions of operating systems and applications you have, seek out alerts that affect them and apply the appropriate patches quickly.
  8. Ensure your important networks, hosts and applications are being monitored for malicious/abnormal activity. The worst scenario is for an attack to go on for days or weeks undetected.
  9. Undergo a security test of your corporate network perimeter to find, then fix, any vulnerabilities.
  10. Update your business continuity plan. Define what people must do in the event of a facility or information systems breakdown as well as scenarios where critical personnel or business partners are unavailable.
  11. Classify your data based on what is most valuable and what would cause the most risk if compromised, then look at how it is protected in storage and transmission—whether in paper or electronic form.
  12. Inform employees how they are expected to protect company information. Educate users on use of passwords, including avoidance of setting easily guessed passwords; improper posting of passwords on PCs; and sharing of passwords. Help them understand the "social engineering" threat and the importance of protecting such property as laptops, PDAs and paperwork in and away from the office.

About Telenisus

Telenisus Corporation (www.telenisus.com) is a managed Internet infrastructure service provider, helping customers conduct business securely over the Internet. With its award-winning security and infrastructure management platform, the company is expert at protecting and managing the infrastructure that supports customers' business applications. Telenisus is highly regarded for its expertise in security, excellence in customer support and strength of track record. The privately held company, founded in June 1999, is headquartered in Rolling Meadows, Ill., a Chicago suburb.

NEWS MEDIA, for more information, contact:

Rick Aspan, director of communications, Telenisus, at 847-871-5038 or raspan@telenisus.com

Kraig Smith, PR21 for Telenisus, at 312-396-9792 or kraig.smith@pr21.com

Telenisus, Built for e-Business and 7x24xForever are trademarks of Telenisus Corporation. Other product and company names may be trademarks or registered trademarks of their respective owners. Copyright 2001 Telenisus Corporation. All rights reserved.

# # #