| |
How Secure Is Your Security? You've got firewalls and you've got antivirus software, so why is your computer back with IT having its hard drive wiped and everything re-installed? The simple answer is because the risk to security wasn't taken seriously enough!
This time you were lucky, a simple virus or Trojan can be sorted. Next time though, it could be a hacker. Before you have time to say 'annual bonus' your entire database is floating around in cyber space and you've got some serious explaining to do to your customers. Not the most ideal way to start your Monday morning. However, armed with a little research and common sense you can make sure your database isn't quite as vulnerable.
In a nutshell, security is all about managing risk, whether that risk is to your ongoing profitability or your organisational climate, if it could happen, what can you do to minimise the risk of it becoming likelihood? Your database may never be hacked or pick up any lethal viruses; but if it does, do you really want to be explaining to your client why you've lost all their confidential information?
With every Tom Dick and Harry out there offering so many different security products how do you know what will best suit your business? Vendor A seems to be selling the same product as Vendor B, their packaging is similar; they both appear to be offering the same things and the only really obvious difference is vendor A is charging a lot more money. The most common explanation for this is vendor A is investing a lot more money in the research which goes into his security. Vendor B can promise to protect you from every potential risk out there today, but vendor A is making sure they are pre-empting what may well come at you tomorrow too.
It's not just what may attack you 'out there' which you need to be vigilant about. In fact, your security is more likely to be breached by one of your own employees. Simple steps can make sure your business doesn't scream 'easy mark' to every passing hacker or disgruntled employee. Obvious passwords need to be banned; it is far too easy to find out what Sarah in accounts cat is called, or the registration plate of Luke in sales, especially in this social networking age. You should also make sure that old accounts are removed, especially if an old employee didn't leave on the best of terms, you leaving their account open is just asking for them to extract a little revenge. It's also important to make sure security access is used wisely. Does your intern really need the same level of access as your account directors? It may be easier just to give them all administration clearance, but is it an acceptable risk? One last really simple thing you can do to improve your security is 'Patching', when vendors discover a potential weak spot in the security package the patch will remedy that potential flaw, ignoring theses patches means ignoring a recognised risk.
So you've taken a good objective look at your business from the point of view of a hacker and decided that losing your computer to IT for the day (and that's at the very least) isn't a viable option. You also know that the cheapest option out there isn't necessarily going to cost you less in the long run. So now you need to work out how much is acceptable to spend on any potential risks. The simplest way to do this is, to put a value on what it would cost you if anything happened, then times it by how often this risk could occur. From this you should be able to work out what is acceptable to spend on your security.
Resource Box: To find out more about business security and risk, visit: http://www.guruonline.tv/ViewSets.aspx?search=ibm For more business advice on subjects such as sales, finance, technology plus dozens more, visit the Guru Online home page where you can access hundreds of bit sized videos, full of constructive advice and information for free: http://www.guruonline.tv/Default.aspx
 EasyPublish™ this article - publishers click here
More articles by Kim Hutson
- Using Legacy System Integration to Reduce Risk and Costs (Alicia Hilton)
Legacy system integration can be defined as reusing existing legacy systems and applications by integrating them with newly developed enterprise applications. Legacy system integration provides a non-intrusive method of reusing existing mission-critical applications that reside on legacy systems such as the mainframe or AS/400. Reclaiming these existing resources has many advantages, including reduced risk and significant cost savings. - Website Publishing Power (James Schramko)
A new generation of website building software has found the middle ground between powerful tools and capabilities, and user friendliness. Looking professional has never been so easy. - FTPS Secure SSL File Transfer (Alicia Hilton)
FTPS is a protocol for transferring files using SSL to secure the commands and data that are being transferred between the client and the server. Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, FTP and other data transfers.
|