Network Security – How Vulnerable Are You? 

Technology has become indispensable in today’s business, yet risks that computer networks introduce can be devastating if not fatal to your business. There’s a lot out there to be concerned with today. There’s email and web viruses, worms attacking servers, and hackers who break into your system, steal your identity, your trade secrets, your sensitive information, cause destruction and more. Could it happen to you?

According to security surveys on computer crime from the 2002 Computer Security Institute (CSI) and the Federal Bureau of Investigations (FBI), surveys revealed that 90% of companies surveyed detected security breaches in 2001 and 80% suffered financial losses due to the breaches (average loss due to financial fraud or theft of proprietary data was over $1 million). Some of the frequently sited problems were: Computer viruses 85%, Website access abuse 78%, Website vandalism/defacement 70%, and Insider attacks accounted for 71%. What can you do to avoid being a victim? Become Proactive!

Start by developing a plan. Assess the vulnerabilities in your software, hardware and your people. The more likely targets for attacks are places that deal with financial transactions, places that have personal information, places that have application processing, and technology companies (for wanted information and because it’s considered “cool” to hackers).

Set up in-house security policy and procedures and put them in writing. Conduct regular employee training of your security policies and procedures and insist on your company policy enforcement.

A set of procedures should be followed when an employee leaves or is terminated that would include any access an employee had and removing their user name and password from all locations. Any high level shared password should be changed and any external access they might have to your network such as a VPN should be removed.

Make sure your employees know what information should NOT be released or talked about and what tricks can be used to get that information from them. Sometimes all it takes is what appears to be casual conversation to get the information someone needs to get through a porthole or other barrier. Don’t forget the simple yet important things like the use a document shredder!

Intrusion monitoring is recommended on your systems to detect attempted break-ins or possible flaws that can be exploited.

Hardware and software issues for your company security plan should include virus protections such as spam filtering with regular update protection and management, web filtering to prevent web based viruses, Internet blocks that restrict employees from such places as adult sites. Be aware that these online locations can cause virus infections; some of them will automatically download and install dialers that can be an open door for penetration. This can cost you money as well as create legal liabilities in the form of sexual harassment lawsuits should an unsuspecting employee turn on a company computer and be faced with one of these sites.

Allow only approved items or programs to be installed on company computers. You don’t know what their program can do to the health of your computer or network.

Be watchful of modems connected to computers used for tasks such as fax machines and credit card authorizations. These devices can answer incoming calls and be a source for outside penetration and intrusion.

It’s more time-consuming and costly to repair damage while under pressure or attack. Smart planning, in-house policies & procedures and continued employee training can prevent you from being a victim of an attack.

For more information on email and other forms of identity theft visit: http://www.consumer.gov/idtheft/

Yvonne Coty is a part of Barrington Services, a Roseville-based IT Outsourcing company specializing in small to medium sized businesses. More information is available at www.barringtons.com or by calling (916) 677-0077.