Network
Security – How Vulnerable Are You?
Technology
has become indispensable in today’s business, yet risks that computer
networks introduce can be devastating if not fatal to your business.
There’s a lot out there to be concerned with today. There’s email
and web viruses, worms attacking servers, and hackers who break
into your system, steal your identity, your trade secrets, your
sensitive information, cause destruction and more. Could it happen
to you?
According
to security surveys on computer crime from the 2002 Computer Security
Institute (CSI) and the Federal Bureau of Investigations (FBI),
surveys revealed that 90% of companies surveyed detected security
breaches in 2001 and 80% suffered financial losses due to the
breaches (average loss due to financial fraud or theft of proprietary
data was over $1 million). Some of the frequently sited problems
were: Computer viruses 85%, Website access abuse 78%, Website
vandalism/defacement 70%, and Insider attacks accounted for 71%.
What can you do to avoid being a victim? Become Proactive!
Start
by developing a plan. Assess the vulnerabilities in your software,
hardware and your people. The more likely targets for attacks
are places that deal with financial transactions, places that
have personal information, places that have application processing,
and technology companies (for wanted information and because it’s
considered “cool” to hackers).
Set
up in-house security policy and procedures and put them in writing.
Conduct regular employee training of your security policies and
procedures and insist on your company policy enforcement.
A
set of procedures should be followed when an employee leaves or
is terminated that would include any access an employee had and
removing their user name and password from all locations. Any
high level shared password should be changed and any external
access they might have to your network such as a VPN should be
removed.
Make
sure your employees know what information should NOT be released
or talked about and what tricks can be used to get that information
from them. Sometimes all it takes is what appears to be casual
conversation to get the information someone needs to get through
a porthole or other barrier. Don’t forget the simple yet important
things like the use a document shredder!
Intrusion
monitoring is recommended on your systems to detect attempted
break-ins or possible flaws that can be exploited.
Hardware
and software issues for your company security plan should include
virus protections such as spam filtering with regular update protection
and management, web filtering to prevent web based viruses, Internet
blocks that restrict employees from such places as adult sites.
Be aware that these online locations can cause virus infections;
some of them will automatically download and install dialers that
can be an open door for penetration. This can cost you money as
well as create legal liabilities in the form of sexual harassment
lawsuits should an unsuspecting employee turn on a company computer
and be faced with one of these sites.
Allow
only approved items or programs to be installed on company computers.
You don’t know what their program can do to the health of your
computer or network.
Be
watchful of modems connected to computers used for tasks such
as fax machines and credit card authorizations. These devices
can answer incoming calls and be a source for outside penetration
and intrusion.
It’s
more time-consuming and costly to repair damage while under pressure
or attack. Smart planning, in-house policies & procedures
and continued employee training can prevent you from being a victim
of an attack.
For
more information on email and other forms of identity theft visit:
http://www.consumer.gov/idtheft/
Yvonne
Coty is a part of Barrington Services, a Roseville-based
IT Outsourcing company specializing in small to medium sized businesses.
More information is available at www.barringtons.com or by calling (916)
677-0077.
|