| |
| Internet
security
Is your business your own?---------------------------------------------------------------------------------------------------------------------
A Business enabler not a restricter
The internet is transforming the way businesses work. Emerging
technologies are consolidating global markets and opening
doors of opportunity to all, regardless of size. You cannot
afford to miss out on the many opportunities the internet
offers, but it's important to understand the security risks
it can introduce into your business...
A secure solution must be the top priority for any business.
Risk versus Opportunity
Hardly a week goes by without
a major internet security problem hitting the headlines.
Well known sites have been brought down by hackers or have
had confidential information stolen. No company is immune
to these security breaches and they can seriously damage
the reputation of your business - and when a company suffers
a security breach, it damages its credibility which can
adversely affect its share price.
The risk can be Substantially implementing a comprehensive
security policy can substantially reduce the risks and making
sure it's properly managed. That security policy has to
be stringent enough to protect your business, but flexible
enough to be workable. By outlining your security policy,
you put your company in a position to take advantage of
all the opportunities the Internet has to offer.
|
----------------------------------------------------------------------------------------------------------------------------------- |
Understand the Risk
It's
not connecting your business to the internet that poses the
biggest security threat; the majority of security breaches
come from inside an organisation. Insecure passwords, casual
mistakes, disgruntled employees, Viruses and the inappropriate
use of the email system are all common internal security problems.
You can minimise the internal risk by establishing a security
culture within your business and making sure that culture
is understood by all employees. Security policy design should
take both internal and external threats into account.
|
| What are the dangers?
- Attack and breach of your Private Network
- Breaches of confidentiality during
transmission of data, both internal and
external, via email, web, etc
- Viruses from external/internal sources
- The reduced ability of your network
to service your requirements
- Failing to meet your legal responsibilities
as outlined in the Data Protection Act
- Loss of staff productivity
- Corporate embarrassment or damaged
reputation
- Security breaches by the well
intentioned but badly educated.
|
Legal responsibilities
All businesses have a legal responsibility
to keep their systems secure. Ignore security and you
could be unwittingly breaking the following laws:
--------------------------------------------------------------------------------------------------------------------------------------
|
| Implement the solution - minimise
the risks
The first step in creating a workable
security policy for your business is to define your security
risks; don't forget the old adage 'forewarned is forearmed'.
In understanding the risk (and hence
the required security) you have to understand both the threat
and the vulnerabilities associated with using the internet.
It's important that you ask yourself some of the following
questions;
The Threat
What happens if a hacker deletes
our database?
The Answer
We lose the ability to trade
|
| The Vulnerability
How could a hacker delete our database?
The Answer
The applications we are using are insecure and we're connected
to the internet. The risk is that you could lose your database
(and therefore your ability to trade), but if you're not
using the internet you're not trading to the best advantage.
You have now:
- Identified the key assets of your company
- which may be under threat
- Considered the vulnerabilities associated
with these assets
- Evaluated associated risk.
Using the above information, you can decide
on a security policy.
---------------------------------------------------------------------------------------------------------
Defining security policy
When it comes to defining your security policy some of the
areas you need to think about are:
- Defining clear usage policies
for the web and for email. These usage policies should
be written down, explained to all employees and outlined
in their contract of employment.
- Setting up and enforceing a password
policy
- Educating your users about the
value of security and giveing them the appropriate training
- Ensuring that senior management
is involved.
No combination of hardware and software
will remedy all your security concerns without an associated
policy. Nor will a single product remedy your security concerns;
you need a combination of software and hardware security
solutions together with a security aware culture at all
levels within your company. Beyond that you also need to
make sure your hardware and software is configured properly.
Firewalls can minimise the effects of sabotage, but a badly
configured firewall is worse than no firewall at all - it
leads to a totally false sense of security. |
|
| |
Copyright
© 2001 Axia IT Business Solutions .Infostations, the Axia logo, and
the Axia Sub logo are trademarks of Axia IT Business Solutions. |
